https://www.infoq.com InfoQ AWS Lambda News feed https://www.infoq.com/news/2026/06/aws-api-gateway-auth-bypass/?utm_campaign=infoq_content&utm_source=infoq&utm_medium=feed&utm_term=AWS+Lambda-news <img src="https://res.infoq.com/news/2026/06/aws-api-gateway-auth-bypass/en/headerimage/generatedHeaderImage-1779890404425.jpg"/><p>A security researcher found that adding a trailing slash to AWS HTTP API paths bypassed Lambda authorizer authentication entirely, enabling unauthenticated wire transfers at a fintech. The root cause is a path normalization mismatch between HTTP API's greedy route matching and its authorization layer. The same vulnerability class appeared in gRPC-Go via CVE-2026-33186.</p> <i>By Steef-Jan Wiggers</i> Cloud Application Security API Gateway AWS Lambda AWS Security Vulnerabilities DevOps Development Architecture & Design news Mon, 01 Jun 2026 09:55:00 GMT https://www.infoq.com/news/2026/06/aws-api-gateway-auth-bypass/?utm_campaign=infoq_content&utm_source=infoq&utm_medium=feed&utm_term=AWS+Lambda-news Steef-Jan Wiggers 2026-06-01T09:55:00Z /news/2026/06/aws-api-gateway-auth-bypass/en