Graph Explorer HTTPS Fallback to HTTP Vulnerability

Vulnerability

A vulnerability exists in the Graph Explorer proxy server in versions 1.1.0 and later, prior to 3.0.1. When certificate files are missing, the server defaults to HTTP instead of HTTPS, potentially allowing remote attackers to intercept sensitive information from requests meant to be secure.

Impact

Exploitation of this vulnerability could lead to the interception of sensitive information due to unencrypted transmission over HTTP.

Remediation

Users should upgrade to Graph Explorer version 3.0.1 or later. If an immediate upgrade is not possible, verify that the deployment is serving over HTTPS, ensure the HOST is set correctly in the Docker run command for proper certificate generation, and avoid using non-default configuration directory paths that could disrupt automatic self-signed certificate creation.
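
The fallback behaviour described above, next to a fail-closed alternative, as an added example that is not Graph Explorer's own code. The function names, file names and the httpsRequested flag are assumptions, a Node.js server is assumed, and constructed placeholder files stand in for a real key and certificate.

```javascript
// Added illustration; every name and path here is hypothetical.
const fs = require("fs");
const os = require("os");
const path = require("path");
const http = require("http");
const https = require("https");

// Fallback pattern from the advisory: missing cert files silently yield HTTP.
function chooseProtocolWithFallback(httpsRequested, keyPath, certPath) {
  const haveCerts = fs.existsSync(keyPath) && fs.existsSync(certPath);
  return httpsRequested && haveCerts ? "https" : "http";
}

// Fail-closed form: if HTTPS was requested, missing certs abort startup.
function chooseProtocolFailClosed(httpsRequested, keyPath, certPath) {
  if (!httpsRequested) return "http"; // plain HTTP only by explicit operator choice
  const missing = [keyPath, certPath].filter((p) => !fs.existsSync(p));
  if (missing.length > 0) {
    throw new Error("HTTPS requested but missing: " + missing.join(", "));
  }
  return "https";
}

// Builds the listener; throws instead of downgrading when certs are absent.
function createServer(app, httpsRequested, keyPath, certPath) {
  if (chooseProtocolFailClosed(httpsRequested, keyPath, certPath) === "https") {
    const tls = { key: fs.readFileSync(keyPath), cert: fs.readFileSync(certPath) };
    return https.createServer(tls, app);
  }
  return http.createServer(app);
}

// Constructed sample: an empty temp directory, then one with placeholder files.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "certs-"));
  const key = path.join(dir, "server.key");
  const crt = path.join(dir, "server.crt");
  const before = chooseProtocolWithFallback(true, key, crt); // silent downgrade
  let failClosed;
  try { failClosed = chooseProtocolFailClosed(true, key, crt); }
  catch (e) { failClosed = "refused"; }
  fs.writeFileSync(key, "placeholder");
  fs.writeFileSync(crt, "placeholder");
  const after = chooseProtocolFailClosed(true, key, crt);
  fs.rmSync(dir, { recursive: true, force: true });
  return { before, failClosed, after };
}
```

A startup that refuses to run surfaces a broken certificate path immediately, whereas the fallback form leaves the operator to discover the downgrade by inspecting traffic.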

Added: Jun 2, 2026, 8:43 PM
Updated: Jun 2, 2026, 8:43 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.0
remediation: 0.0
relevance: 9.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.