PT-2026-36929 · Amazon · Amazon Workspaces
Published
2026-05-04
·
Updated
2026-05-04
·
CVE-2026-7791
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Amazon WorkSpaces for Windows versions prior to 2.6.2034.0
Description
Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service allows a local non-admin authenticated user to place arbitrary files into arbitrary locations. This bypasses file system permission protections and can lead to local privilege escalation to SYSTEM.
Recommendations
Update to version 2.6.2034.0 or later.
Fix
Time Of Check To Time Of Use
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Amazon Workspaces