Cryptographic Algorithm Downgrade in Amazon AWS Encryption SDK for Python
CVE-2026-6550

5.7 MEDIUM

Key Information:

Vendor
AWS

CVE Published:
20 April 2026

What is CVE-2026-6550?

A vulnerability exists in the caching layer of the AWS Encryption SDK for Python that allows a local, authenticated threat actor to bypass key commitment policy enforcement via a shared key cache. As a result, the same ciphertext can be decrypted into multiple distinct plaintexts, which undermines the integrity of sensitive data. To mitigate this risk, users should upgrade to version 3.3.1 or 4.0.5, or later.

Affected Version(s)

AWS Encryption SDK for Python 2 <= 2.5.1

AWS Encryption SDK for Python 3 <= 3.3.0

AWS Encryption SDK for Python 4 <= 4.0.4
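As an added example (not code from AWS or from this advisory), the following Python check classifies an aws-encryption-sdk version against the affected ranges and fixed releases listed above, and can inspect the locally installed package; the PyPI distribution name `aws-encryption-sdk` is assumed.

```python
# Added example: classify an aws-encryption-sdk version against the affected
# ranges and fixed releases stated in the CVE-2026-6550 advisory.
# Not AWS code; the version table below is transcribed from the advisory text.
from __future__ import annotations

import re

# Affected ranges per major line, as listed in the advisory (inclusive upper bound).
AFFECTED_MAX = {2: (2, 5, 1), 3: (3, 3, 0), 4: (4, 0, 4)}
# Fixed releases named in the advisory. No fixed 2.x release is named, so a 2.x
# install is only remediated by moving to a fixed 3.x or 4.x line.
FIXED_MIN = {3: (3, 3, 1), 4: (4, 0, 5)}


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'MAJOR.MINOR[.PATCH]'; trailing suffixes such as 'rc1' are ignored."""
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return int(major), int(minor), int(patch)


def classify(version: str) -> str:
    """Return 'affected', 'fixed', or 'not-listed' for CVE-2026-6550."""
    v = parse_version(version)
    major = v[0]
    if major in AFFECTED_MAX and v <= AFFECTED_MAX[major]:
        return "affected"
    if major in FIXED_MIN and v >= FIXED_MIN[major]:
        return "fixed"
    # Versions the advisory does not enumerate (e.g. 2.x above 2.5.1, 1.x, 5.x):
    # report them as unknown rather than assuming they are safe.
    return "not-listed"


def installed_status(dist_name: str = "aws-encryption-sdk") -> str:
    """Classify the locally installed package, or report that it is absent."""
    from importlib.metadata import PackageNotFoundError, version
    try:
        return classify(version(dist_name))
    except PackageNotFoundError:
        return "not-installed"


if __name__ == "__main__":
    for v in ("2.5.1", "3.3.0", "3.3.1", "4.0.4", "4.0.5", "2.6.0"):
        print(v, classify(v))
    print("installed:", installed_status())
```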

CVSS V4

Score:
5.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Attack Requirements:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published
  • Vulnerability reserved

Credit

1seal.org