HIGH
ex-aws
CVE published 2026-05-28
CVE-2026-47074
## Summary CVE-2026-47074 is a HIGH-severity (CVSS 8.7) Improper Certificate Validation vulnerability in the Elixir library ex_aws_sns, affecting versions 2.0.1 through 2.3.4. The vulnerability resides in the `verify_message/1` function and its supporting `PublicKeyCache` module, which fail to validate that the `SigningCertURL` field in incoming SNS messages uses HTTPS or originates from an AWS-owned doma [truncated]