CVE-2026-10584

Published: Giu 02, 2026 Last Modified: Giu 02, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,2

Source: ff89ba41-3aa1-4d27-914a-91399e9639e5

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

MEDIUM 5,9

Source: ff89ba41-3aa1-4d27-914a-91399e9639e5

Attack Vector: network

Attack Complexity: high

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: none

Availability: none

Description

AI Translation Available

Proxy server in Graph Explorer before 3.0.1 falls back to HTTP when certificate files are missing, which might allow remote threat actors to obtain sensitive information via interception of requests intended to be sent over HTTPS.

To remediate this issue, users should upgrade to Graph Explorer v3.0.1 or later.

319

Cleartext Transmission of Sensitive Information

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality

Potential Impacts:

Read Application Data Modify Files Or Directories Other

Applicable Platforms

Technologies: Not Technology-Specific, Cloud Computing, Mobile, ICS/OT, System on Chip, Test/Debug Hardware

Likelihood of Exploit: High

View CWE Details

https://aws.amazon.com/security/security-bulletins/2026-038…

https://aws.amazon.com/security/security-bulletins/2026-038-aws/

https://github.com/aws/graph-explorer/releases/tag/v3.0.1

CVE-2026-10584

Description

Cleartext Transmission of Sensitive Information

Common Consequences

Applicable Platforms

Iscriviti alla newsletter