Vulnerability Description
Spring Cloud AWS simplifies using AWS managed services in Spring and Spring Boot applications. From 3.0.0 to 4.0.1, applications using Spring Cloud AWS SNS HTTP/HTTPS endpoint support (@NotificationMessageMapping, @NotificationSubscriptionMapping, @NotificationUnsubscribeConfirmationMapping) did not verify the signature of incoming SNS messages. An unauthenticated attacker who knows the endpoint URL could send crafted HTTP POST requests mimicking SNS Notification or SubscriptionConfirmation messages. This vulnerability is fixed in 4.0.2.
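The check that was missing, as an added example (not Spring Cloud AWS code and not the 4.0.2 fix): it rebuilds the string SNS signs, restricts SigningCertURL to an SNS host, and verifies the RSA signature. The class name, the host pattern and the sample message are assumptions, and a locally generated key pair stands in for the SNS certificate so the example runs offline.

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class SnsSignatureCheck {
    // Signed fields in the order SNS documents; SubscriptionConfirmation and UnsubscribeConfirmation share a list.
    static final List<String> NOTIFICATION = List.of("Message", "MessageId", "Subject", "Timestamp", "TopicArn", "Type");
    static final List<String> CONFIRMATION = List.of("Message", "MessageId", "SubscribeURL", "Timestamp", "Token", "TopicArn", "Type");

    static byte[] stringToSign(Map<String, String> msg) {
        List<String> keys = "Notification".equals(msg.get("Type")) ? NOTIFICATION : CONFIRMATION;
        StringBuilder sb = new StringBuilder();
        for (String k : keys) {
            if (msg.get(k) != null) sb.append(k).append('\n').append(msg.get(k)).append('\n'); // Subject is optional
        }
        return sb.toString().getBytes(StandardCharsets.UTF_8);
    }
    // Fetch certificates only over HTTPS from an SNS host; otherwise the sender picks the verification key.
    static boolean trustedCertUrl(String url) {
        URI u = URI.create(url);
        String host = u.getHost();
        return "https".equals(u.getScheme()) && host != null
                && host.matches("sns\\.[a-z0-9-]+\\.amazonaws\\.com(\\.cn)?") && u.getPath().endsWith(".pem");
    }
    // certKey is the public key of the certificate downloaded from SigningCertURL (passed in here to stay offline).
    static boolean verify(Map<String, String> msg, PublicKey certKey) throws GeneralSecurityException {
        if (!trustedCertUrl(msg.getOrDefault("SigningCertURL", "http://invalid/"))) return false;
        String alg = "2".equals(msg.get("SignatureVersion")) ? "SHA256withRSA" : "SHA1withRSA"; // version 1 is SHA1
        Signature s = Signature.getInstance(alg);
        s.initVerify(certKey);
        s.update(stringToSign(msg));
        try {
            return s.verify(Base64.getDecoder().decode(msg.getOrDefault("Signature", "")));
        } catch (IllegalArgumentException | SignatureException e) { return false; } // malformed signature
    }
    public static void main(String[] args) throws Exception {
        KeyPair kp = KeyPairGenerator.getInstance("RSA").generateKeyPair(); // constructed stand-in for the SNS key
        Map<String, String> msg = new HashMap<>(Map.of("Type", "Notification", "MessageId", "constructed-id",
                "TopicArn", "arn:aws:sns:us-east-1:123456789012:example", "Message", "hello",
                "Timestamp", "2026-01-01T00:00:00.000Z", "SignatureVersion", "2",
                "SigningCertURL", "https://sns.us-east-1.amazonaws.com/SimpleNotificationService-constructed.pem"));
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(kp.getPrivate());
        signer.update(stringToSign(msg));
        msg.put("Signature", Base64.getEncoder().encodeToString(signer.sign()));
        System.out.println("genuine:  " + verify(msg, kp.getPublic()));
        msg.put("Message", "tampered"); // body changed after signing, as a forged POST would be
        System.out.println("tampered: " + verify(msg, kp.getPublic()));
    }
}
```

A real handler would also download the certificate from the validated URL, check its chain and validity, and compare TopicArn against the topics the application expects.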
Related Weaknesses (CWE)
References
FAQ
What is CVE-2026-44308?
CVE-2026-44308 is a documented vulnerability. Spring Cloud AWS simplifies using AWS managed services in Spring and Spring Boot applications. From 3.0.0 to 4.0.1, applications using Spring Cloud AWS SNS HTTP/HTTPS endpoint support (@NotificationM...
How severe is CVE-2026-44308?
CVSS scoring is not yet available for CVE-2026-44308. Check NVD for updates.
Is there a patch for CVE-2026-44308?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.