AWS patches three AWS-LC flaws, including certificate and signature verification bypass bugs


Amazon has disclosed three security flaws in AWS-LC, its open-source cryptographic library, including two bugs that can let unauthenticated attackers bypass parts of PKCS7 verification. AWS says customers should upgrade immediately because the issues affect certificate-chain validation, signature validation, and AES-CCM tag verification.

The most serious issues are CVE-2026-3336 and CVE-2026-3338. AWS says both flaws sit in PKCS7_verify() and can let an unauthenticated user bypass trust checks when processing certain PKCS7 objects. One bug affects certificate chain verification for multiple signers, while the other affects signature verification when Authenticated Attributes are present.

AWS also disclosed CVE-2026-3337, a timing side-channel bug in AES-CCM decryption. According to the company, an attacker may be able to infer authentication tag validity by measuring timing differences during decryption.

What AWS disclosed

  • CVE-2026-3336
    • Issue: PKCS7 certificate chain validation bypass
    • Impact: Can bypass certificate chain verification for multiple signers except the final signer
  • CVE-2026-3338
    • Issue: PKCS7 signature validation bypass
    • Impact: Can bypass signature verification for PKCS7 objects with Authenticated Attributes
  • CVE-2026-3337
    • Issue: AES-CCM timing side channel
    • Impact: May let attackers infer tag validity through timing analysis

AWS classifies the bulletin as Important (requires attention) and says the issues affect AWS-LC and some related Rust bindings and FIPS builds.

Affected versions

AWS says the affected ranges are:

  • CVE-2026-3336
    • AWS-LC >= v1.41.0, < v1.69.0
    • aws-lc-sys >= v0.24.0, < v0.38.0
  • CVE-2026-3338
    • AWS-LC >= v1.41.0, < v1.69.0
    • aws-lc-sys >= v0.24.0, < v0.38.0
  • CVE-2026-3337
    • AWS-LC >= v1.21.0, < v1.69.0
    • AWS-LC-FIPS >= 3.0.0, < 3.2.0
    • aws-lc-sys >= v0.14.0, < v0.38.0
    • aws-lc-sys-fips >= v0.13.0, < v0.13.12

Note that the PKCS7 bugs do not affect all versions back to v1.21.0. AWS says those two bypass issues start at v1.41.0, while v1.21.0 is the start of the range for the AES-CCM timing flaw only.

Fixed versions

AWS says the issues are fixed in:

  • AWS-LC v1.69.0
  • AWS-LC-FIPS 3.2.0
  • aws-lc-sys v0.38.0
  • aws-lc-sys-fips v0.13.12

For the two PKCS7 bugs, AWS says the fixes land in AWS-LC v1.69.0 and aws-lc-sys v0.38.0. For the AES-CCM timing issue, AWS says the fix also includes the FIPS packages.

Is there a workaround?

AWS says there are no known workarounds for:

  • CVE-2026-3336
  • CVE-2026-3338

For CVE-2026-3337, AWS says some users can reduce exposure if they use AES-CCM with these exact parameter sets:

  • (M=4, L=2)
  • (M=8, L=2)
  • (M=16, L=2)

In those cases, AWS says customers can route AES-CCM through the EVP AEAD API using:

  • EVP_aead_aes_128_ccm_bluetooth
  • EVP_aead_aes_128_ccm_bluetooth_8
  • EVP_aead_aes_128_ccm_matter
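As an added illustration (not AWS's code), a small Python audit helper that applies the affected ranges and the workaround parameter sets above to a dependency lock file: the AFFECTED table and the CCM_WORKAROUND mapping are transcribed from this article, the Cargo.lock sample is constructed, and the AES-128 key size is taken from the AEAD function names.

```python
import re

# Affected ranges quoted from the bulletin: (package, CVE, first affected, first fixed)
AFFECTED = [
    ("AWS-LC", "CVE-2026-3336", "1.41.0", "1.69.0"),
    ("aws-lc-sys", "CVE-2026-3336", "0.24.0", "0.38.0"),
    ("AWS-LC", "CVE-2026-3338", "1.41.0", "1.69.0"),
    ("aws-lc-sys", "CVE-2026-3338", "0.24.0", "0.38.0"),
    ("AWS-LC", "CVE-2026-3337", "1.21.0", "1.69.0"),
    ("AWS-LC-FIPS", "CVE-2026-3337", "3.0.0", "3.2.0"),
    ("aws-lc-sys", "CVE-2026-3337", "0.14.0", "0.38.0"),
    ("aws-lc-sys-fips", "CVE-2026-3337", "0.13.0", "0.13.12"),
]

def parse_version(v):
    """Turn 'v1.41.0' or '0.13.12' into a comparable tuple of ints."""
    return tuple(int(p) for p in v.lstrip("v").split("."))

def affected_cves(package, version):
    """Return the sorted list of CVEs whose published range contains this version."""
    ver = parse_version(version)
    return sorted({cve for pkg, cve, lo, hi in AFFECTED
                   if pkg.lower() == package.lower()
                   and parse_version(lo) <= ver < parse_version(hi)})

def audit_cargo_lock(text):
    """Scan Cargo.lock [[package]] entries and map each affected crate to its CVEs."""
    findings = {}
    for name, ver in re.findall(r'name = "([^"]+)"\nversion = "([^"]+)"', text):
        cves = affected_cves(name, ver)
        if cves:
            findings[f"{name} {ver}"] = cves
    return findings

# Workaround parameter sets for CVE-2026-3337: (key bits, M = tag bytes, L = length-field bytes).
# Per the CCM spec the nonce length is 15 - L, so every supported set uses a 13-byte nonce.
CCM_WORKAROUND = {(128, 4, 2): "EVP_aead_aes_128_ccm_bluetooth",
                  (128, 8, 2): "EVP_aead_aes_128_ccm_bluetooth_8",
                  (128, 16, 2): "EVP_aead_aes_128_ccm_matter"}

def ccm_workaround_aead(key_bits, M, L):
    """Name the EVP AEAD to route through, or None when only upgrading removes the exposure."""
    return CCM_WORKAROUND.get((key_bits, M, L))

# Constructed lock-file excerpt (hypothetical service crate plus two real binding crate names).
SAMPLE_LOCK = """[[package]]
name = "my-service"
version = "0.1.0"

[[package]]
name = "aws-lc-sys"
version = "0.30.0"

[[package]]
name = "aws-lc-sys-fips"
version = "0.13.12"
"""
```

Running audit_cargo_lock(SAMPLE_LOCK) flags only aws-lc-sys 0.30.0, which falls inside all three ranges, while the fips crate at 0.13.12 is already at the fixed version.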

Why this matters

These bugs matter because they hit cryptographic verification logic, not just peripheral code. If an application relies on AWS-LC’s PKCS7 verification for trust decisions, a bypass could weaken certificate or signature checks in ways that are hard to spot during normal operations. That is an inference from AWS’s description of the flaws, not a separate exploitation claim.

The timing issue matters for a different reason. Side channels often look less dramatic than bypass bugs, but they can still leak security-relevant signals to attackers under the right conditions. AWS’s bulletin stops short of claiming broad practical exploitation, but it clearly says attackers may infer authentication-tag validity through timing analysis.

What users should do now

  • Upgrade to AWS-LC 1.69.0 or later.
  • Upgrade to AWS-LC-FIPS 3.2.0 if you use the FIPS branch.
  • Upgrade Rust bindings to aws-lc-sys 0.38.0 and aws-lc-sys-fips 0.13.12 where applicable.
  • Review whether your applications use PKCS7_verify() or AES-CCM paths covered by the bulletin.
  • Use the EVP AEAD workaround for CVE-2026-3337 only if your deployment matches AWS’s supported parameter combinations.

FAQ

What is AWS-LC?

AWS describes AWS-LC as an open-source, general-purpose cryptographic library.

Which vulnerabilities are the most serious here?

The two PKCS7 bugs, CVE-2026-3336 and CVE-2026-3338, are the most direct verification bypass issues in the bulletin.

Can attackers exploit these flaws without authentication?

AWS says the PKCS7 flaws allow an unauthenticated user to bypass certificate or signature checks in the affected processing paths. AWS also describes the AES-CCM issue as exploitable by an unauthenticated user through timing analysis.

Are there workarounds?

Not for the PKCS7 bugs. AWS says there are no known workarounds for CVE-2026-3336 or CVE-2026-3338.

What version should I update to?

AWS recommends upgrading to the latest major versions, including AWS-LC 1.69.0 and AWS-LC-FIPS 3.2.0.
