PT-2026-30745 · Amazon Web Services · Research/Engineering Studio

Julianallenderussek · Published 2026-04-06 · Updated 2026-04-10 · CVE-2026-5707

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

AWS Research and Engineering Studio (RES) versions 2025.03 through 2025.12.01

Description

A flaw exists in the handling of virtual desktop session names in AWS Research and Engineering Studio (RES). Unsanitized input used in an OS command could allow a remote authenticated actor to execute arbitrary commands as root on the virtual desktop host through a crafted session name.

Recommendations

Upgrade to RES version 2026.03 or apply the corresponding mitigation patch.

Exploit · Fix · RCE · LPE · OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2026-5707

Affected Products

Research/Engineering Studio