Back to VulnFeed / CVE-2026-47074
root@hackertop:~/vulnfeed/CVE-2026-47074#
CVE-2026-47074 LOW CVE ⚠ Unpatched · Zero-day◉ PoC 公开 Lifecycle 4/7

ex-aws ex_aws_sns up to 2.3.4 PublicKeyCache lib/ex_aws/sns.ex SigningCertURL certificate validation

ex_aws_sns 2026-05-28 Impact pending confirmation
LIFECYCLE
3.6 CVSS
Vulnerability Detail Mitigation Lifecycle CVSS Assessment
Vulnerability Description
A vulnerability was found in ex-aws ex_aws_sns up to 2.3.4. It has been rated as problematic. This issue affects an unknown code block in the library lib/ex_aws/sns.ex of the component PublicKeyCache Module. Upgrading to version 2.3.5 eliminates this vulnerability. Applying the patch 1853d280b152d10384a1e21a22cf22152a60be48 is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.
Root Cause Analysis
The manipulation of the argument SigningCertURL with an unknown input leads to a unknown weakness. Using CWE to declare the problem leads to CWE-295. The product does not validate, or incorrectly validates, a certificate.

Impact: Impacted is integrity.

Countermeasure: Upgrading to version 2.3.5 eliminates this vulnerability. Applying the patch 1853d280b152d10384a1e21a22cf22152a60be48 is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.
Validation (PoC/EXP) - Looking for Contributors
No public PoC yet

Public validation traces already exist. Community contributors can extend them with richer reproduction content.

Contribute Your PoC/EXP
Log in to contribute PoC/EXP content. Log in
Back to VulnFeed
CVE-2026-47074 · CVSS 3.6 · Active Threat