{
  "threat_severity" : "Important",
  "public_date" : "2026-03-02T21:15:16Z",
  "bugzilla" : {
    "description" : "aws-lc: aws-lc: Certificate validation bypass via improper handling of PKCS7 objects",
    "id" : "2444026",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2444026"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-295",
  "details" : [ "Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer.\nCustomers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0.", "A flaw was found in aws-lc, a cryptographic library. An unauthenticated attacker can exploit improper certificate validation within the `PKCS7_verify()` function. This allows them to bypass the verification process for certificate chains when handling PKCS7 objects that contain multiple digital signers, except for the last one. The primary consequence is a compromise of integrity, as the system may incorrectly trust unverified certificates." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Trusted Artifact Signer 1.3",
    "release_date" : "2026-03-23T00:00:00Z",
    "advisory" : "RHSA-2026:5459",
    "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1.3::el9",
    "package" : "rhtas/tuffer-rhel9:1773307309"
  }, {
    "product_name" : "Red Hat Trusted Artifact Signer 1.3",
    "release_date" : "2026-03-23T00:00:00Z",
    "advisory" : "RHSA-2026:5459",
    "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1.3::el9",
    "package" : "rhtas/tuftool-rhel9:1773307309"
  } ],
  "package_state" : [ {
    "product_name" : "Confidential Compute Attestation",
    "fix_state" : "Not affected",
    "package_name" : "openshift-sandboxed-containers/osc-monitor-rhel9",
    "cpe" : "cpe:/a:redhat:confidential_compute_attestation:1"
  }, {
    "product_name" : "Confidential Compute Attestation",
    "fix_state" : "Not affected",
    "package_name" : "openshift-sandboxed-containers/osc-operator-bundle",
    "cpe" : "cpe:/a:redhat:confidential_compute_attestation:1"
  }, {
    "product_name" : "Confidential Compute Attestation",
    "fix_state" : "Not affected",
    "package_name" : "openshift-sandboxed-containers/osc-podvm-builder-rhel9",
    "cpe" : "cpe:/a:redhat:confidential_compute_attestation:1"
  }, {
    "product_name" : "Confidential Compute Attestation",
    "fix_state" : "Affected",
    "package_name" : "openshift-sandboxed-containers/osc-podvm-payload-rhel9",
    "cpe" : "cpe:/a:redhat:confidential_compute_attestation:1"
  }, {
    "product_name" : "Confidential Compute Attestation",
    "fix_state" : "Not affected",
    "package_name" : "openshift-sandboxed-containers/osc-rhel9-operator",
    "cpe" : "cpe:/a:redhat:confidential_compute_attestation:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Will not fix",
    "package_name" : "clevis-pin-trustee",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Will not fix",
    "package_name" : "trustee",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "virt-firmware-rs",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Will not fix",
    "package_name" : "clevis-pin-trustee",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Affected",
    "package_name" : "kata-containers",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift Update Service",
    "fix_state" : "Not affected",
    "package_name" : "openshift-update-service/openshift-update-service-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_update_service:5"
  }, {
    "product_name" : "Red Hat Trusted Profile Analyzer",
    "fix_state" : "Affected",
    "package_name" : "rhtpa/rhtpa-trustification-service-rhel9",
    "cpe" : "cpe:/a:redhat:trusted_profile_analyzer:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-3336\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-3336\nhttps://aws.amazon.com/security/security-bulletins/2026-005-AWS/\nhttps://github.com/aws/aws-lc/releases/tag/v1.69.0" ],
  "name" : "CVE-2026-3336",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}