{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5707", "assignerOrgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "state": "PUBLISHED", "assignerShortName": "AMZN", "dateReserved": "2026-04-06T16:11:18.532Z", "datePublished": "2026-04-06T21:25:48.404Z", "dateUpdated": "2026-04-07T15:09:31.614Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "shortName": "AMZN", "dateUpdated": "2026-04-06T21:25:48.404Z"}, "title": "Command Injection via Virtual Desktop Session Name in AWS Research and Engineering Studio (RES)", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-78", "description": "CWE-78 Improper neutralization of special elements used in an OS command ('OS command injection')", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "affected": [{"vendor": "AWS", "product": "Research and Engineering Studio (RES)", "versions": [{"status": "affected", "version": "2025.03", "lessThanOrEqual": "2025.12.01", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio (RES)\u00a0version 2025.03 through 2025.12.01\u00a0might allow a remote authenticated actor to execute arbitrary commands as root on the virtual desktop host via a crafted session name.\n\nTo remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio (RES)&nbsp;version 2025.03 through 2025.12.01&nbsp;might allow a remote authenticated actor to execute arbitrary commands as root on the virtual desktop host via a crafted session name.</p><p>To remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment.</p>"}]}], "references": [{"url": "https://github.com/aws/res/releases/tag/2026.03", "tags": ["release-notes"]}, {"url": "https://github.com/aws/res/issues/151", "tags": ["patch"]}, {"url": "https://aws.amazon.com/security/security-bulletins/2026-014-aws/", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-07T14:49:24.320804Z", "id": "CVE-2026-5707", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T15:09:31.614Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "Command Injection via Virtual Desktop Session Name in AWS Research and Engineering Studio (RES)", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "AWS", "product": "Research and Engineering Studio (RES)", "versions": [{"status": "affected", "version": "2025.03", "versionType": "custom", "lessThanOrEqual": "2025.12.01"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/aws/res/releases/tag/2026.03", "tags": ["release-notes"]}, {"url": "https://github.com/aws/res/issues/151", "tags": ["patch"]}, {"url": "https://aws.amazon.com/security/security-bulletins/2026-014-aws/", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio (RES)\u00a0version 2025.03 through 2025.12.01\u00a0might allow a remote authenticated actor to execute arbitrary commands as root on the virtual desktop host via a crafted session name.\n\nTo remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment.", "supportingMedia": [{"type": "text/html", "value": "<p>Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio (RES)&nbsp;version 2025.03 through 2025.12.01&nbsp;might allow a remote authenticated actor to execute arbitrary commands as root on the virtual desktop host via a crafted session name.</p><p>To remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper neutralization of special elements used in an OS command ('OS command injection')"}]}], "providerMetadata": {"orgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "shortName": "AMZN", "dateUpdated": "2026-04-06T21:25:48.404Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5707", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-07T14:49:24.320804Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-04-07T14:49:28.561Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-5707", "state": "PUBLISHED", "dateUpdated": "2026-04-06T21:25:48.404Z", "dateReserved": "2026-04-06T16:11:18.532Z", "assignerOrgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "datePublished": "2026-04-06T21:25:48.404Z", "assignerShortName": "AMZN"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:amazon:research_and_engineering_studio:*:*:*:*:*:*:*:*", "matchCriteriaId": "37A2F72E-0B0A-4D66-94DA-E0D9D336E9E1", "versionEndExcluding": "2026.03", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio (RES)\u00a0version 2025.03 through 2025.12.01\u00a0might allow a remote authenticated actor to execute arbitrary commands as root on the virtual desktop host via a crafted session name.\n\nTo remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment."}], "id": "CVE-2026-5707", "lastModified": "2026-04-10T20:16:05.130", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "type": "Secondary"}]}, "published": "2026-04-06T22:16:25.263", "references": [{"source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Vendor Advisory"], "url": "https://aws.amazon.com/security/security-bulletins/2026-014-aws/"}, {"source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/aws/res/issues/151"}, {"source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Release Notes"], "url": "https://github.com/aws/res/releases/tag/2026.03"}], "sourceIdentifier": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[2025.03,2025.12.01]"}}], "enrichment": {"confidence": 93.0, "confidence_source": "matching", "scores": [{"score": 93.0, "source": "matching"}]}, "original": {"product": "Research and Engineering Studio (RES)", "source": "cna", "vendor": "AWS"}, "product": "research_and_engineering_studio", "vendor": "aws"}], "analysis": {"en": {"generated_at": "2026-04-10T21:27:15.091871+00:00", "value": {"mitigation_remediation": ["Upgrade to AWS Research and Engineering Studio 2026.03", "Apply the published mitigation patch to the existing environment if upgrade is not possible", "Enforce strict input validation or length restrictions on virtual desktop session names", "Monitor virtual desktop host logs for unexpected commands or shell activity"], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects AWS Research and Engineering Studio versions 2025.03 through 2025.12.01. Any deployment of these releases is susceptible unless patched or upgraded to a newer version. The affected components are the session name processing logic that interfaces directly with system shell commands.", "description_and_impact": "Unsanitized input in the handling of virtual desktop session names in AWS Research and Engineering Studio (RES) allows an attacker to inject OS commands, granting the ability to execute arbitrary commands with root privileges on the virtual desktop host. This represents a high\u2011severity remote code execution vulnerability that can compromise the confidentiality, integrity, and availability of the affected environment. The weakness is a classic command injection scenario, classified as CWE\u201178.", "risk_and_exploitability": "The Common Vulnerability Scoring System gives this flaw a CVSS score of 8.7, indicating high severity. The Exploit Prediction Scoring System indicates the probability of exploitation is below 1\u202f%, and it is not listed in the CISA Known Exploited Vulnerabilities catalog. The attack requires remote authenticated access to the RES platform, meaning an attacker must have legitimate credentials or privilege escalation, but once authenticated, the exploitation path is straightforward\u2014crafting a malicious session name that injects commands via the OS shell. No publicly known exploits are currently documented, but the lack of input validation makes it a viable target for malicious actors."}}}}, "created": "2026-04-07T06:53:55.961935+00:00", "updated": "2026-04-13T14:27:33.461493+00:00", "vendors": ["aws", "aws$PRODUCT$research_and_engineering_studio"]}