CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-6550

unknowncovered by 1 sourcefirst seen 2026-06-05
Bulletin ID: 2026-017-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/04/20 12:45 PM PDT Description: AWS Encryption SDK (ESDK) for Python is a client-side encryption library. We identified CVE-2026-6550, which describes an issue with a key commitment policy bypass via shared key cache. Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python before version 3.3.1 and before version 4.0.5 might allow an authenticated local threat actor to bypass key commitment policy enforcement via a shared key cache, resulting in ciphertext that can be decrypted to multiple different plaintexts. Impacted versions: - From 2.0 to 2.5.1 - From 3.0 to 3.3.0 - From 4.0 to 4.0.4 Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.

CSIRTS triage

vendor: AWSproduct: AWS Encryption SDK for PythonOtheraffected: 2.0 - 2.5.1, 3.0 - 3.3.0, 4.0 - 4.0.4
What
A key commitment policy bypass via shared key cache may allow an authenticated local threat actor to bypass key commitment policy enforcement.
Who is affected
Authenticated users of AWS Encryption SDK for Python versions in the specified range.
Urgency
Remediation is important to prevent unauthorized decryption of ciphertext.
Action
Update to a version of AWS Encryption SDK for Python that addresses this issue.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-6550

Get an email if CVE-2026-6550 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-6550

CVE.org record

Embed the live status

CVE-2026-6550 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-6550 status](https://www.csirts.com/badge/CVE-2026-6550)](https://www.csirts.com/cve/CVE-2026-6550)