SB2026070349 - Incorrect permission assignment for critical resource in aws-cli



SB2026070349 - Incorrect permission assignment for critical resource in aws-cli

Published: July 3, 2026

Security Bulletin ID SB2026070349
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Information disclosure

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Incorrect permission assignment for critical resource (CVE-ID: CVE-2026-13769)

CWE-ID: CWE-732 - Incorrect Permission Assignment for Critical Resource

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to disclose sensitive information.

The vulnerability exists due to incorrect permission assignment for critical resource in credential and configuration files written by the aws codeartifact login, aws iam create-virtual-mfa-device, and aws deploy register subcommands when creating files on Unix-like systems with a default umask. A local user can read world-readable files to disclose sensitive information.

Only Unix-like systems with a default umask are affected.


Remediation

Install update from vendor's website.