SB2026070349 - Incorrect permission assignment for critical resource in aws-cli
Published: July 3, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Incorrect permission assignment for critical resource (CVE-ID: CVE-2026-13769)
CWE-ID: CWE-732 - Incorrect Permission Assignment for Critical Resource
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to incorrect permission assignment for critical resource in credential and configuration files written by the aws codeartifact login, aws iam create-virtual-mfa-device, and aws deploy register subcommands when creating files on Unix-like systems with a default umask. A local user can read world-readable files to disclose sensitive information.
Only Unix-like systems with a default umask are affected.
Remediation
Install update from vendor's website.