CVE-2026-7461 OS Command Injection in Amazon ECS Agent via FSx Windows File Server Volume Credentials

Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a...

CVE-2026-7461

CVE-2026-7461 affects the FSx Windows File Server volume mounting component inside Amazon ECS Agent on Windows, prior to version 1.103.0. The root cause is improper neutralization of inputs used in an OS command, allowing a remote authenticated actor to run shell commands with SYSTEM privileges o...

CVE-2026-7461 OS Command Injection in Amazon ECS Agent via FSx Windows File Server Volume Credentials

Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a...

CVE-2026-32288 vulnerabilities

Vulnerabilities for packages: istio-fips, datadog-agent, coredns, rancher-machine, flux-source-watcher-fips, sonobuoy, aws-flb-kinesis-fips, mesosphere-vsphere-csi, vault-csi-provider, redpanda, cephcsi-fips, mattermost, grafana-operator, slsa-verifier, ko, spire-server, azuredisk-csi-fips, rclon...

GHSA-X4JJ-H2V8-HQQV vulnerabilities

Vulnerabilities for packages: istio-fips, datadog-agent, coredns, rancher-machine, flux-source-watcher-fips, sonobuoy, aws-flb-kinesis-fips, mesosphere-vsphere-csi, vault-csi-provider, redpanda, cephcsi-fips, mattermost, grafana-operator, slsa-verifier, ko, spire-server, azuredisk-csi-fips, rclon...

CVE-2026-32283 vulnerabilities

Vulnerabilities for packages: istio-fips, datadog-agent, cri-tools, dragonfly-operator-fips, fluxcd-kustomize-mutating-webhook, ghaudit, prometheus-beat-exporter-fips, nri-elasticsearch-fips, seaweedfs-operator-fips, flux-image-reflector-controller-fips, kubescape-operator,...

CVE-2026-25679 vulnerabilities

Vulnerabilities for packages: istio-fips, datadog-agent, cri-tools, dragonfly-operator-fips, kubeflow-pipelines, cfssl-fips, prometheus-beat-exporter-fips, nri-elasticsearch-fips, gotenberg, seaweedfs-operator-fips, flux-image-reflector-controller-fips, longhorn-instance-manager-fips, steampipe,...

GHSA-J4J7-VW47-RHFQ vulnerabilities

Vulnerabilities for packages: istio-fips, datadog-agent, cri-tools, gotenberg, seaweedfs-operator-fips, flux-image-reflector-controller-fips, longhorn-instance-manager-fips, steampipe, coredns, cloudprober, crossplane-provider-sql-fips, etcd-fips, rancher-machine, trino,...

EUVD-2025-24858

Malicious code in bioql PyPI...

CVE-2025-9039 Information Disclosure in Amazon ECS Container Agent

We identified an issue in the Amazon ECS agent where, under certain conditions, an introspection server could be accessed off-host by another instance if the instances are in the same security group or if their security groups allow incoming connections that include the port where the server is...

PT-2025-33310

Name of the Vulnerable Software and Affected Versions: Amazon ECS agent versions 0.0.3 through 1.97.0 Description: An issue was identified in the Amazon ECS agent where, under certain conditions, an introspection server could be accessed off-host by another instance if the instances are in the sa...