Amazon Tuftool
3 CVEs affecting Amazon Tuftool. Latest disclosed: 2026-04-24. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-6968 | Medium | 5.9 | 2026-04-24 | Incomplete path traversal fixes in awslabs/tough before tough-v0.22.0 allow remote authenticated users with delegated signing authority to write files outside… |
CVE-2026-6967 | Medium | 5.9 | 2026-04-24 | Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with… |
CVE-2026-6966 | Medium | 5.3 | 2026-04-24 | Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v0.22.0 allows remote authenticated user… |