CVE Catalog

CVE-2026-13769

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.10%

1th percentile — higher than 1% of all known CVEs

Summary

Overly permissive file permissions in AWS CLI before versions 1.44.78 (v1) and 2.34.29 (v2) on Unix-like systems, where umask has not been configured to restrict file permissions (the default on most systems), may allow other local users on the same host to read credentials written by certain CLI subcommands (aws codeartifact login, aws iam create-virtual-mfa-device, aws deploy register).

Risk Assessment

The risk involves potential theft of AWS credentials by other local users, which could lead to unauthorized access to cloud resources, data breaches, or privilege escalation within the environment.

Recommendation

Immediately upgrade AWS CLI to version 1.44.78 (v1) or 2.34.29 (v2) or later. Additionally, consider configuring an appropriate umask (e.g., 077) for users running the CLI.

Original NVD description (English source)

Overly permissive file permissions in AWS CLI before 1.44.78 (v1) and 2.34.29 (v2) on Unix-like systems where the umask has not been configured to restrict file permissions (the default on most systems) may allow other local users on the same host to read credentials written by certain CLI subcommands (aws codeartifact login, aws iam create-virtual-mfa-device, aws deploy register). To remediate this issue, users should upgrade to AWS CLI 1.44.78 (v1) or 2.34.29 (v2) or later.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS