Vulnerability in AWS Ops Wheel
CVE-2026-6912
Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR #165 allows remote authenticated users to escalate to deployment admin privileges and manage C…
Vulnerability class: Mass Assignment
EPSS: 0.002 (41.8th percentile).
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- AWS Ops Wheel — versions 0
Weakness classification (CWE)
References
- github.com/aws/aws-ops-wheel/pull/165 (patch)
- aws.amazon.com/security/security-bulletins/2026-018-aws/ (vendor-advisory)
- github.com/aws/aws-ops-wheel/security/advisories/GHSA-qvfh-9cjw-8wwq (third-party-advisory)
Frequently asked questions
- What is CVE-2026-6912?
  CVE-2026-6912 is a high-severity vulnerability in AWS Ops Wheel, classified under Improperly Controlled Modification of Dynamically-Determined Object Attributes. CVSS score: 8.8/10. Published 2026-04-24.
- How severe is CVE-2026-6912?
  High severity. CVSS v3 base score is 8.8 out of 10.