CVE-2026-5708

HIGH SEVERITY

CVSS Score & Metrics

Base Score

8.8 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H                                    

Vulnerability Description

Unsanitized control of user-modifiable attributes in the session creation component in AWS Research and Engineering Studio (RES) prior to version 2026.03 could allow an authenticated remote user to escalate privileges, assume the virtual desktop host instance profile permissions, and interact with AWS resources and services via a crafted API request.

To remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment.

Vulnerability Details

Published Date

April 06, 2026

Last Modified

April 10, 2026

CWE ID

CWE-915

Source

NVD

Vendor

amazon

Product

research_and_engineering_studio

External References

https://aws.amazon.com/security/security-bulletins/2026-014-aws/
https://github.com/aws/res/issues/149
https://github.com/aws/res/releases/tag/2026.03

CVE-2026-5708

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment