HTTP Fallback Vulnerability in Graph Explorer by AWS
CVE-2026-10584

8.2HIGH

Key Information:

Vendor: Aws
Status: Graph Explorer
Vendor: CVE Published:; 2 June 2026

What is CVE-2026-10584?

The proxy server in Graph Explorer prior to version 3.0.1 has a significant vulnerability where it defaults to HTTP when required certificate files are not present. This fallback mechanism may enable remote attackers to intercept sensitive data that should be securely transmitted over HTTPS, resulting in potential data breaches or unauthorized access. To mitigate this risk, users are strongly advised to upgrade to Graph Explorer version 3.0.1 or later, which addresses this critical security flaw.

Affected Version(s)

Graph Explorer 1.1.0 < 3.0.1

References

https://aws.amazon.com/security/security-bulletins/2026-0...

vendor-advisory

https://github.com/aws/graph-explorer/releases/tag/v3.0.1

patch

CVSS V4

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2026
Vulnerability Reserved
Jun 1, 2026

CVE-2026-10584 Data

JSON

Aws

What is CVE-2026-10584?

Affected Version(s)

References

CVSS V4

Timeline