CVE-2026-10584 MEDIUM

CVE-2026-10584: HTTPS Fallback to HTTP in Graph Explorer

Vendor Aws
Product Graph Explorer
Weakness CWE-319 · Cleartext transmission
Published June 2, 2026
Last update June 3, 2026

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Proxy server in Graph Explorer before 3.0.1 falls back to HTTP when certificate files are missing, which might allow remote threat actors to obtain sensitive information via interception of requests intended to be sent over HTTPS. To remediate this issue, users should upgrade to Graph Explorer v3.0.1 or later.

Key dates

02Disclosure timeline

June 2, 2026 CVE published
June 3, 2026 Record updated