Upstream information
Description
Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer.Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0.
SUSE information
Overall state of this security issue: Does not affect SUSE products
SUSE Bugzilla entry: 1259093 [NEW] No SUSE Security Announcements cross referenced.SUSE Timeline for this CVE
CVE page created: Tue Mar 3 00:06:02 2026CVE page last modified: Fri May 8 11:23:15 2026