Home > Vulnerability Database > CVE-2026-22611

Mend.io Vulnerability Database

CVE-2026-22611

Good to know:

Date: January 10, 2026

AWS SDK for .NET works with Amazon Web Services to help build scalable solutions with Amazon S3, Amazon DynamoDB, Amazon Glacier, and more. From versions 4.0.0 to before 4.0.3.3, Customer applications could be configured to improperly route AWS API calls to non-existent or non-AWS hosts. This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. This issue has been patched in version 4.0.3.3.

Severity Score

3.7

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2026-22611

Url: https://github.com/aws/aws-sdk-net/security/advisories/GHSA-9cvc-h2w8-phrp

Url: https://github.com/aws/aws-sdk-net

Url: https://www.mend.io/vulnerability-database/CVE-2026-22611

Severity Score

3.7

Weakness Type (CWE)

Improper Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version awssdk.core - 4.0.3.3;https://github.com/aws/aws-sdk-net.git - 4.0.139.0

Learn More

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2026-22611

Good to know:

Date: January 10, 2026

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?