CVE-2026-10584

MEDIUM 5.9

HTTPS Fallback to HTTP in Graph Explorer

CVSS Score

5.9

EPSS Score

0.0%

EPSS Percentile

1th

Proxy server in Graph Explorer before 3.0.1 falls back to HTTP when certificate files are missing, which might allow remote threat actors to obtain sensitive information via interception of requests intended to be sent over HTTPS. To remediate this issue, users should upgrade to Graph Explorer v3.0.1 or later.

CWE	CWE-319
Vendor	aws
Product	graph explorer
Published	Jun 2, 2026
Last Updated	Jun 3, 2026

Stay Ahead of the Next One

Get instant alerts for aws graph explorer

Be the first to know when new medium vulnerabilities affecting aws graph explorer are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected Versions

AWS / Graph Explorer

1.1.0 < 3.0.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

aws.amazon.com: https://aws.amazon.com/security/security-bulletins/2026-038-aws/ github.com: https://github.com/aws/graph-explorer/releases/tag/v3.0.1