NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-44308

Summary	Spring Cloud AWS simplifies using AWS managed services in a Spring and Spring Boot applications. From 3.0.0 to 4.0.1, pplications using Spring Cloud AWS SNS HTTP/HTTPS endpoint support (@NotificationMessageMapping, @NotificationSubscriptionMapping, @NotificationUnsubscribeConfirmationMapping) did not verify the signature of incoming SNS messages. An unauthenticated attacker who knows the endpoint URL could send crafted HTTP POST requests mimicking SNS Notification or SubscriptionConfirmation messages. This vulnerability is fixed in 4.0.2.
Publication Date	May 15, 2026, 12:16 a.m.
Registration Date	May 15, 2026, 4:25 a.m.
Last Update	May 15, 2026, 3:19 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/awspring/spring-cloud-aws/security/advisories/GHSA-r4w4-wv68-qv85	security-advisories@github.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-345	データの信頼性についての不十分な検証	https://cwe.mitre.org/data/definitions/345.html