CVE-2026-14904
The CVE concerns AWS RES: an improper link resolution before file access (CWE-59) in Auth.GetUserPrivateKey could allow an authenticated remote user to substitute their SSH private key (~/.ssh/id_rsa) with a symlink and read arbitrary host files on the cluster-manager EC2 instance. Since the clus...