VYPR
High severity8.8NVD Advisory· Published Apr 6, 2026· Updated Apr 10, 2026

CVE-2026-5708

CVE-2026-5708

Description

Unsanitized control of user-modifiable attributes in the session creation component in AWS Research and Engineering Studio (RES) prior to version 2026.03 could allow an authenticated remote user to escalate privileges, assume the virtual desktop host instance profile permissions, and interact with AWS resources and services via a crafted API request.

To remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:amazon:research_and_engineering_studio:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:amazon:research_and_engineering_studio:*:*:*:*:*:*:*:*range: <2026.03
    • (no CPE)range: <2026.03

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.