CVE-2026-33697
Relay Attack in CoCoS Attested TLS Enables Endpoint Impersonation
Publication date: 2026-03-27
Last updated on: 2026-04-10
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ultraviolet | cocos_ai | From 0.4.0 (inc) to 0.9.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-322 | The product performs a key exchange with an actor without verifying the identity of that actor. |
| CWE-346 | The product does not properly verify that the source of data or communication is valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-33697 is a vulnerability in the attested TLS (aTLS) implementation of the CoCoS confidential computing system for AI, affecting versions v0.4.0 through v0.8.2 on AMD SEV-SNP and Intel TDX platforms.
The vulnerability allows an attacker to perform a relay attack by extracting the ephemeral TLS private key used during the intra-handshake attestation. Because the attestation evidence is bound only to this ephemeral key and not to the TLS channel itself, possession of the key enables the attacker to relay or divert the attested TLS session.
As a result, a client may accept a connection under false assumptions, unable to distinguish between the genuine attested service and the attackerβs relay, which undermines the authentication guarantees of attested TLS.
Exploitation requires the attacker to extract the ephemeral TLS private key, which can be done through physical access to server hardware, transient execution attacks, or side-channel attacks.
Although the aTLS implementation was redesigned in version v0.7.0, this architectural vulnerability remains unaddressed across all affected versions. No patch is currently available.
How can this vulnerability impact me? :
This vulnerability can allow an attacker to impersonate an attested CoCoS service by relaying or diverting the attested TLS session.
As a consequence, the attacker may gain unauthorized access to data or operations that the client intended to send only to the genuine attested endpoint.
This undermines the confidentiality and integrity of communications, potentially exposing sensitive information or allowing unauthorized actions within the system.
The vulnerability has a high severity rating with a CVSS v3.1 score of 7.5, indicating significant impact on confidentiality and integrity, though it does not affect availability.
What immediate steps should I take to mitigate this vulnerability?
There is no patch or complete workaround currently available for this vulnerability.
However, the following hardening measures can reduce the risk:
- Keep TEE firmware and microcode up to date to reduce the key-extraction attack surface.
- Define strict attestation policies that validate all available report fields, including firmware versions, TCB levels, and platform configuration registers.
- Enable mutual attested TLS (aTLS) with CA-signed certificates where the deployment architecture permits.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in CoCoS's attested TLS implementation allows an attacker to impersonate an attested service and access data or operations intended only for the genuine endpoint. This undermines the authentication guarantees and can lead to unauthorized data access.
Such unauthorized access and potential data exposure could negatively impact compliance with data protection standards and regulations like GDPR and HIPAA, which require strong authentication and protection of sensitive data.
Because the vulnerability affects confidentiality and integrity of communications, organizations using affected versions may face increased risk of data breaches or unauthorized disclosures, which are critical compliance concerns under these regulations.