3 matches found
CVE-2026-6966 vulnerabilities
Vulnerabilities for packages: mise...
tough-kms (>=0.2.0 <=0.5.0), tough-ssm (>=0.5.0 <=0.8.0) +1 more potentially affected by CVE-2026-6966 via tough (>=0.10.0 <=0.1.0)
tough CARGO version =0.10.0, =0.2.0, =0.5.0, =0.1.0, =0.9.0 Source cves: CVE-2026-6966 Source advisory: OSV:GHSA-8M7C-8M39-RV4X...
CVE-2026-6966 Signature Threshold Bypass in awslabs/tough Delegated Roles
Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users to bypass the TUF signature threshold requirement by duplicating a valid signature, causing the client to accept forged delegated role...