CVE-2026-5708NVD

Vulnerability Summary

Unsanitized control of user-modifiable attributes in the session creation component in AWS Research and Engineering Studio (RES) prior to version 2026.03 could allow an authenticated remote user to escalate privileges, assume the virtual desktop host instance profile permissions, and interact with AWS resources and services via a crafted API request.

To remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment.

Severity Level

HIGH(8.8)

Published Date

Apr 6, 2026

Last Modified

Apr 7, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.06%Probability

Root Weakness (CWE)

N/A

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://github.com/aws/res/releases/tag/2026.03
https://github.com/aws/res/issues/149
https://aws.amazon.com/security/security-bulletins/2026-014-aws/

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2026-5708NVD

Vulnerability Summary

External References