CVE-2026-48034: @hulumi/policies has a HULUMI-H5 bypass via decoy sibling resources targeting a different bucket
HULUMI-H1 forbids raw aws:s3:Bucket resources outside of Hulumi's SecureBucket component, with one exemption: a raw bucket that is a child of a SecureBucket is allowed, because the component is responsible for the hardening. HULUMI-H5 is the defence-in-depth check that closes the H1 exemption: for any raw bucket claiming it, H5 verifies that the five hardening sibling resources a real SecureBucket always emits (public-access block, SSE-KMS, ownership controls, versioning, TLS-only bucket policy) are actually present.
The bug: H5 only checked the siblings’ types. It never verified that those siblings actually applied to the bucket being exempted. A consumer (or compromised PR) could pair an unhardened raw bucket with five hardening sibling resources whose bucket property pointed at a completely different bucket, and H5 would report no violation while the actual bucket shipped with zero hardened defaults.
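The check described above, as an added example that is not @hulumi/policies code: a simplified resource model with the type-only H5 check beside a corrected one that also requires each hardening sibling's bucket property to reference the exempted bucket. The resource shape, the sibling type names and the function names are assumptions.

```typescript
// Minimal stand-in for a stack's resource graph (shape assumed, not the project's).
interface Resource {
  urn: string;
  type: string;
  parent?: string;               // URN of the parent resource
  props: Record<string, string>; // e.g. { bucket: "<bucket urn>" }
}

// The five hardening siblings a real SecureBucket emits (type names assumed).
const REQUIRED_SIBLINGS = [
  "aws:s3:BucketPublicAccessBlock",
  "aws:s3:BucketServerSideEncryptionConfiguration",
  "aws:s3:BucketOwnershipControls",
  "aws:s3:BucketVersioning",
  "aws:s3:BucketPolicy",
];

function siblingsOf(bucket: Resource, all: Resource[]): Resource[] {
  return all.filter(r => r.urn !== bucket.urn && r.parent === bucket.parent);
}

// Vulnerable H5 as described: the sibling *types* being present is enough.
// Returns the list of missing hardening types (empty = no violation).
function h5TypeOnly(bucket: Resource, all: Resource[]): string[] {
  const types = new Set(siblingsOf(bucket, all).map(r => r.type));
  return REQUIRED_SIBLINGS.filter(t => !types.has(t));
}

// Fixed H5: a sibling only counts if its bucket property points at this bucket,
// so decoys bound to another bucket no longer satisfy the check.
function h5BoundToBucket(bucket: Resource, all: Resource[]): string[] {
  const bound = new Set(
    siblingsOf(bucket, all).filter(r => r.props.bucket === bucket.urn).map(r => r.type),
  );
  return REQUIRED_SIBLINGS.filter(t => !bound.has(t));
}

// Constructed stack: one raw bucket under a SecureBucket parent plus five
// siblings whose bucket property targets `target` (the real bucket or a decoy).
const PARENT = "urn:hulumi:SecureBucket::logs";
const rawBucket: Resource = { urn: "urn:aws:s3:Bucket::logs", type: "aws:s3:Bucket", parent: PARENT, props: {} };
function stackWith(target: string): Resource[] {
  return [
    rawBucket,
    ...REQUIRED_SIBLINGS.map((type, i) => ({
      urn: `urn:${type}::s${i}`, type, parent: PARENT, props: { bucket: target },
    })),
  ];
}
const decoyStack = stackWith("urn:aws:s3:Bucket::other"); // siblings harden a different bucket
const hardenedStack = stackWith(rawBucket.urn);             // siblings harden the exempted bucket
```

Run against `decoyStack`, the type-only check reports nothing while the bound check reports all five hardening resources missing; against `hardenedStack` both report nothing.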