CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

Issue with AWS Ops Wheel (CVE-2026-6911 and CVE-2026-6912

unknownCVE-2026-6911CVE-2026-6912
Bulletin ID: 2026-018-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/04/24 09:15 AM PDT Description: AWS Ops Wheel is an open-source tool that helps teams make random selections using a virtual spinning wheel, deployed into customer AWS accounts via CloudFormation. CVE-2026-6911 relates to an issue where JWT token signature verification was not enforced in the v2 API. CVE-2026-6912 relates to an issue in the v2 Cognito User Pool configuration where attribute write permissions were insufficiently restricted. Impacted versions: AWS Ops Wheel v2 deployments PR-163 and earlier Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.

CSIRTS triage

vendor: Amazonproduct: AWS Ops WheelAuthentication bypassaffected: v2 deployments PR-163 and earlier
What
JWT token signature verification was not enforced, and attribute write permissions were insufficiently restricted.
Who is affected
Users of AWS Ops Wheel v2 deployments prior to PR-163.
Urgency
Remediation is important due to the potential for unauthorized actions.
Action
Update to a version beyond PR-163.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch AWS Ops Wheel

Get an email when a new AWS Ops Wheel advisory drops — max one per day, one-click unsubscribe.

Details

Source
AWS Security Bulletins (INTL · vendor-psirt · site)
Severity
unknown
Published
2026-06-05
Exploitation
Not in CISA KEV at last sync

Original advisory: https://aws.amazon.com/security/security-bulletins/rss/2026-018-aws/

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2026-6911coverage & exploitation statusNVD · CVE.org
CVE-2026-6912coverage & exploitation statusNVD · CVE.org

More from AWS Security Bulletins