3.7

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2026-22611

CVE-2026-22611: AWS SDK for .NET V4 adopted defense in depth enhancement for region parameter value

AWS SDK for .NET works with Amazon Web Services to help build scalable solutions with Amazon S3, Amazon DynamoDB, Amazon Glacier, and more. From versions 4.0.0 to before 4.0.3.3, Customer applications could be configured to improperly route AWS API calls to non-existent or non-AWS hosts. This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. This issue has been patched in version 4.0.3.3.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2026-22611

CVE-2026-22611:

3.7

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
AWSSDK.Core	nuget	>= 4.0.0, < 4.0.3.3	4.0.3.3

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability exists in the AWS SDK for .NET where the RegionEndpoint and AuthenticationRegion properties of the Amazon.Runtime.ClientConfig class were not being properly validated. This allowed for the possibility of a crafted region value being used to construct service endpoint URLs. An attacker with control over the configuration of the SDK could specify a malicious region, causing the application to send sensitive AWS requests to an arbitrary endpoint.

The patch addresses this by introducing a ValidateRegion method that checks if the region string is a valid host label. This validation is now applied in the setters for both RegionEndpoint and AuthenticationRegion, as well as in the getter for RegionEndpoint when it falls back to a default region from the environment. Any function that sets the AWS region via these properties would be an entry point for the vulnerability. During exploitation, a profiler would show calls to Amazon.Runtime.ClientConfig.set_RegionEndpoint or Amazon.Runtime.ClientConfig.set_AuthenticationRegion with a malicious region string.

Vulnerable functions

Amazon.Runtime.ClientConfig.set_RegionEndpoint

sdk/src/Core/Amazon.Runtime/ClientConfig.cs

The `set_RegionEndpoint` property setter in `Amazon.Runtime.ClientConfig` did not validate the provided region. An attacker could provide a malicious region string, which would then be used to construct an endpoint URL, potentially redirecting requests to a malicious server. The patch adds validation to ensure the region is a valid host label.

Amazon.Runtime.ClientConfig.get_RegionEndpoint

sdk/src/Core/Amazon.Runtime/ClientConfig.cs

The `get_RegionEndpoint` property getter in `Amazon.Runtime.ClientConfig` could fetch a default region from the environment without validation. If the environment variable for the region was set to a malicious value, it would be used to construct an endpoint URL. The patch adds validation for the default region.

Amazon.Runtime.ClientConfig.set_AuthenticationRegion

sdk/src/Core/Amazon.Runtime/ClientConfig.cs

The `set_AuthenticationRegion` property setter in `Amazon.Runtime.ClientConfig` did not validate the provided region. Similar to `set_RegionEndpoint`, this could be used to construct a malicious endpoint URL. The patch adds validation to ensure the region is a valid host label.

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

3.7

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2026-22611: AWS SDK for .NET V4 adopted defense in depth enhancement for region parameter value

CVE-2026-22611:

3.7

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

CVE-2026-22611: AWS SDK for .NET V4 adopted defense in depth enhancement for region parameter value

Basic Information

Basic Information

3.7

3.7

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI