Incorrect permission assignment for critical resource in aws-cli - CVE-2026-13769

 

Incorrect permission assignment for critical resource in aws-cli - CVE-2026-13769

Published: July 3, 2026


Vulnerability identifier: #VU136868
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-13769
CWE-ID: CWE-732
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Amazon Web Services
Affected software:
aws-cli

Detailed vulnerability description

The vulnerability allows a local user to disclose sensitive information.

The vulnerability exists due to incorrect permission assignment for critical resource in credential and configuration files written by the aws codeartifact login, aws iam create-virtual-mfa-device, and aws deploy register subcommands when creating files on Unix-like systems with a default umask. A local user can read world-readable files to disclose sensitive information.

Only Unix-like systems with a default umask are affected.


How to mitigate CVE-2026-13769

Install security update from vendor's website.

Sources