PT-2026-30745 · Amazon Web Services · Research/Engineering Studio
Julianallenderussek · Published 2026-04-06 · Updated 2026-04-06
CVE-2026-5707
CVSS v3.1: 8.8 High (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Name of the Vulnerable Software and Affected Versions
AWS Research and Engineering Studio (RES) versions 2025.03 through 2025.12.01
Description
An issue exists in the virtual desktop session name handling that could allow a remote authenticated actor to execute arbitrary commands as root on the virtual desktop host through a crafted session name. The issue is due to unsanitized input in an OS command.
Recommendations
Upgrade to RES version 2026.03 or apply the corresponding mitigation patch.
Fix
OS Command Injection
Affected Products
Research/Engineering Studio