CVE-2026-13769
Last modified
CVE-2026-13769 is a medium-severity vulnerability rated 6.8/10 on the CVSS scale. Overly permissive file permissions in AWS CLI before 1.44.78 (v1) and 2.34.29 (v2) on Unix-like systems where the umask has not been configured to restrict file permissions (the default on most systems) may allow other local users on the same host to read credentials written by certain CLI subcommands (aws codeartifact login, aws iam create-virtual-mfa-device, aws deploy register). To remediate this issue, users should upgrade to AWS CLI 1.44.78 (v1) or 2.34.29 (v2) or later..
Description
Overly permissive file permissions in AWS CLI before 1.44.78 (v1) and 2.34.29 (v2) on Unix-like systems where the umask has not been configured to restrict file permissions (the default on most systems) may allow other local users on the same host to read credentials written by certain CLI subcommands (aws codeartifact login, aws iam create-virtual-mfa-device, aws deploy register). To remediate this issue, users should upgrade to AWS CLI 1.44.78 (v1) or 2.34.29 (v2) or later.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
Source: CNA advisory (CVE.org). NVD analysis pending.
| Vendor | Product | Versions |
|---|---|---|
| AWS | AWS CLI | <= 1.44.77; <= 2.34.28 |
References
Timeline
- Published
- Last Modified
- Status
- Awaiting Analysis
Frequently Asked Questions
What is CVE-2026-13769?
How severe is CVE-2026-13769?
How do I fix CVE-2026-13769?
Related CVEs from 2026
- CVE-2026-1376IBM i 7.6 could allow a remote attacker to cause a denial of…7.5
- CVE-2026-13760OS command injection in the NodejsFunction Docker bundling p…7.3
- CVE-2026-13762Inconsistent interpretation of HTTP/2 requests in Amazon Clo…9.8
- CVE-2026-13763Inconsistent interpretation of HTTP/2 requests in AWS Applic…9.8
- CVE-2026-13766DBIx::QuickORM versions before 0.000026 for Perl allow SQL i…9.8
- CVE-2026-13768Gardyn devices expose a privileged iothubowner key. Access t…10
- CVE-2026-1377The imwptip plugin for WordPress is vulnerable to Cross-Site…4.3
- CVE-2026-13771The Customer Reviews for WooCommerce plugin for WordPress is…6.4
- CVE-2026-13772IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 's Objec…9.9
- CVE-2026-13773IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 Approxim…10
- CVE-2026-13774Use after free in Extensions in Google Chrome prior to 150.0…8.1
- CVE-2026-13775Use after free in GPU in Google Chrome prior to 150.0.7871.4…9.8
Are you affected by CVE-2026-13769?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST
