cvedb.io
CVE-2026-5707
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2026-04-06T22:16:25.263 · Last modified 2026-06-17T10:59:32.067

Summary

Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio (RES) version 2025.03 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands as root on the virtual desktop host via a crafted session name. To remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment.

Affected products

amazon — research_and_engineering_studio

Does this affect you?

Add your gear to cvedb and we'll alert you only when amazon ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.