PT-2026-30747 · Amazon Web Services · Research/Engineering Studio

Julianallenderussek

Published

2026-04-06

Updated

2026-04-07

CVE-2026-5709

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions AWS Research and Engineering Studio (RES) versions 2024.10 through 2025.12.01

Description Improper input validation in the FileBrowser API within AWS Research and Engineering Studio (RES) could allow a remote authenticated attacker to execute arbitrary commands on the cluster-manager EC2 instance. This is possible through crafted input when utilizing the FileBrowser functionality.

Recommendations Upgrade to RES version 2026.03 or apply the corresponding mitigation patch.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2026-5709

Affected Products

Research/Engineering Studio

PT-2026-30747 · Amazon Web Services · Research/Engineering Studio

CVE-2026-5709

Weakness Enumeration

Related Identifiers

Affected Products

References · 6