CVE-2026-6912: CWE-915 Improperly controlled modification of Dynamically-Determined object attributes in AWS AWS Ops Wheel
CVE-2026-6912 is a high-severity vulnerability in AWS Ops Wheel affecting the Cognito User Pool configuration. It allows remote authenticated users to escalate privileges to deployment admin by exploiting improper control over dynamically-determined object attributes via a crafted UpdateUserAttributes API call. This enables attackers to set the custom:deployment_admin attribute and manage Cognito user accounts. The vulnerability is present before pull request #165 and affects version 0 of AWS Ops Wheel. AWS manages remediation for this cloud service and has released a fix. Users should redeploy from the updated repository and patch any forked or derivative code accordingly.
AI Analysis
Technical Summary
This vulnerability arises from CWE-915: Improperly controlled modification of dynamically-determined object attributes in AWS Ops Wheel's Cognito User Pool configuration. Remote authenticated users can exploit this by sending a crafted UpdateUserAttributes API call that sets the custom:deployment_admin attribute, escalating their privileges to deployment admin and gaining management capabilities over Cognito user accounts. The issue affects AWS Ops Wheel before PR #165. AWS, as the cloud service provider, manages remediation and has issued a fix requiring users to redeploy updated code and patch derivatives.
Potential Impact
Successful exploitation allows remote authenticated users to escalate privileges to deployment admin level within AWS Ops Wheel, granting them the ability to manage Cognito user accounts. This can lead to full compromise of user account management and potentially broader administrative control within the deployment environment. The CVSS 3.1 score is 8.8 (high), reflecting network attack vector, low attack complexity, required privileges, no user interaction, and high impact on confidentiality, integrity, and availability.
Mitigation Recommendations
A patch is available and remediation is managed by AWS as this is a cloud-hosted service. Users should redeploy from the updated AWS Ops Wheel repository incorporating the fix from PR #165. Additionally, any forked or derivative codebases must be patched to include these updates. Refer to the official AWS security bulletin at https://aws.amazon.com/security/security-bulletins/2026-018-aws/ for detailed remediation instructions.
CVE-2026-6912: CWE-915 Improperly controlled modification of Dynamically-Determined object attributes in AWS AWS Ops Wheel
Description
CVE-2026-6912 is a high-severity vulnerability in AWS Ops Wheel affecting the Cognito User Pool configuration. It allows remote authenticated users to escalate privileges to deployment admin by exploiting improper control over dynamically-determined object attributes via a crafted UpdateUserAttributes API call. This enables attackers to set the custom:deployment_admin attribute and manage Cognito user accounts. The vulnerability is present before pull request #165 and affects version 0 of AWS Ops Wheel. AWS manages remediation for this cloud service and has released a fix. Users should redeploy from the updated repository and patch any forked or derivative code accordingly.
CVSS v3.1
Score 8.8high
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability arises from CWE-915: Improperly controlled modification of dynamically-determined object attributes in AWS Ops Wheel's Cognito User Pool configuration. Remote authenticated users can exploit this by sending a crafted UpdateUserAttributes API call that sets the custom:deployment_admin attribute, escalating their privileges to deployment admin and gaining management capabilities over Cognito user accounts. The issue affects AWS Ops Wheel before PR #165. AWS, as the cloud service provider, manages remediation and has issued a fix requiring users to redeploy updated code and patch derivatives.
Potential Impact
Successful exploitation allows remote authenticated users to escalate privileges to deployment admin level within AWS Ops Wheel, granting them the ability to manage Cognito user accounts. This can lead to full compromise of user account management and potentially broader administrative control within the deployment environment. The CVSS 3.1 score is 8.8 (high), reflecting network attack vector, low attack complexity, required privileges, no user interaction, and high impact on confidentiality, integrity, and availability.
Mitigation Recommendations
A patch is available and remediation is managed by AWS as this is a cloud-hosted service. Users should redeploy from the updated AWS Ops Wheel repository incorporating the fix from PR #165. Additionally, any forked or derivative codebases must be patched to include these updates. Refer to the official AWS security bulletin at https://aws.amazon.com/security/security-bulletins/2026-018-aws/ for detailed remediation instructions.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- AMZN
- Date Reserved
- 2026-04-23T13:38:11.080Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Is Cloud Service
- true
- Vendor Advisory Urls
- [{"url":"https://aws.amazon.com/security/security-bulletins/2026-018-aws/","vendor":"AWS"}]
Threat ID: 69eba2fd87115cfb68542cdd
Added to database: 4/24/2026, 5:06:05 PM
Last enriched: 5/1/2026, 8:45:46 PM
Last updated: 6/7/2026, 11:29:25 AM
Views: 70
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.