
Description

Improper Certificate Validation vulnerability in ex-aws ex_aws_sns (ExAws.SNS, ExAws.SNS.PublicKeyCache modules) allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/ex_aws/sns.ex, lib/ex_aws/sns/public_key_cache.ex and program routines 'Elixir.ExAws.SNS':verify_message/1, 'Elixir.ExAws.SNS.PublicKeyCache':get/1. 'Elixir.ExAws.SNS':verify_message/1 fetches the signing certificate from the SigningCertURL field of the incoming SNS message without validating that the URL uses HTTPS or that the host matches an AWS-owned SNS certificate domain. An unauthenticated attacker who can POST to an endpoint that calls verify_message/1 can supply an attacker-controlled SigningCertURL, sign a forged SNS message with their own key, and cause the function to return :ok, completely bypassing SNS signature verification. This issue affects ex_aws_sns: from 2.0.1 before 2.3.5.
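The missing check described above is the kind of allow-list a consumer of SNS messages (or the library itself) should apply before fetching anything from SigningCertURL. The following Elixir module is an added example, not code from ex_aws_sns or its fix commit: it accepts a SigningCertURL only when the scheme is https, the host matches an SNS endpoint under amazonaws.com (or amazonaws.com.cn), and the path names a .pem file. The host pattern and the module, function and error-atom names are assumptions of this example, not taken from the advisory.

```elixir
# Added example (not ex_aws_sns's own code): validate an SNS SigningCertURL
# before fetching the signing certificate it points at.
defmodule SigningCertURLCheck do
  @moduledoc """
  Allow-list check for the SigningCertURL field of an incoming SNS message.
  Rejects anything that is not https, not hosted on an SNS endpoint under
  amazonaws.com / amazonaws.com.cn, or not a .pem path. The host pattern is an
  assumption of this example; adjust it if your deployment uses other partitions.
  """

  # Assumed shape of SNS certificate hosts, e.g. sns.us-east-1.amazonaws.com
  @host_pattern ~r/^sns\.[a-z0-9-]+\.amazonaws\.com(\.cn)?$/

  @spec validate(String.t()) :: :ok | {:error, atom()}
  def validate(url) when is_binary(url) do
    uri = URI.parse(url)

    cond do
      # Plain http would let a network attacker swap the certificate in transit.
      uri.scheme != "https" ->
        {:error, :scheme_not_https}

      # An attacker-controlled host is exactly what the advisory describes;
      # the certificate must come from an AWS-owned SNS domain.
      is_nil(uri.host) or not Regex.match?(@host_pattern, uri.host) ->
        {:error, :host_not_sns}

      # SNS publishes its signing certificates as .pem files.
      not String.ends_with?(uri.path || "", ".pem") ->
        {:error, :not_pem}

      true ->
        :ok
    end
  end

  def validate(_), do: {:error, :not_a_string}

  @doc "Runs validate/1 over a few constructed URLs and returns the results."
  def demo do
    # Constructed sample inputs for illustration only.
    [
      "https://sns.us-east-1.amazonaws.com/SimpleNotificationService-example.pem",
      "http://sns.us-east-1.amazonaws.com/SimpleNotificationService-example.pem",
      "https://attacker.example/SimpleNotificationService-example.pem",
      "https://sns.us-east-1.amazonaws.com/not-a-certificate.txt"
    ]
    |> Enum.map(&{&1, validate(&1)})
  end
end
```

Only after `validate/1` returns `:ok` should the certificate be fetched and cached; keying a cache such as the library's PublicKeyCache on an unvalidated URL would otherwise let a forged message populate the cache with an attacker's certificate.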

PUBLISHED | Reserved 2026-05-18 | Published 2026-05-28 | Updated 2026-05-29 | Assigner EEF

HIGH: 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-295 Improper Certificate Validation

Product status

Default status: unaffected

Affected: 2.0.1 (semver) before 2.3.5

Default status: unaffected

Affected: a7ec21880943f4dac1d59bda557db0ffcd2b61fa (git) before 1853d280b152d10384a1e21a22cf22152a60be48

Credits

Peter Ullrich (finder)

Bernard Duggan (remediation developer)

Jonatan Männchen / EEF (remediation developer)

Jonatan Männchen / EEF (analyst)

References

github.com/...ws_sns/security/advisories/GHSA-8jgf-23q5-x7xx (vendor-advisory, related)

cna.erlef.org/cves/CVE-2026-47074.html (related)

osv.dev/vulnerability/EEF-CVE-2026-47074 (related)

github.com/...ommit/1853d280b152d10384a1e21a22cf22152a60be48 (patch)

cve.org (CVE-2026-47074)

nvd.nist.gov (CVE-2026-47074)
