CVE-2026-5708— Amazon Web Services Research and Engineering Studio 安全漏洞

Improper Control of User-Modifiable Attributes in RES CreateSession API

Unsanitized control of user-modifiable attributes in the session creation component in AWS Research and Engineering Studio (RES) prior to version 2026.03 could allow an authenticated remote user to escalate privileges, assume the virtual desktop host instance profile permissions, and interact with AWS resources and services via a crafted API request. To remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-915

Amazon Web Services Research and Engineering Studio 安全漏洞

Amazon Web Services Research and Engineering Studio是美国亚马逊（Amazon）公司的一个基于云的研究和工程环境。 Amazon Web Services Research and Engineering Studio 2026.03之前版本存在安全漏洞，该漏洞源于会话创建组件中用户可修改属性未清理，可能导致远程认证用户通过特制API请求提升权限并获取虚拟桌面主机实例配置文件权限。

N/A

N/A