CVE-2026-5709

Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio RES version 2024.10 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands on the cluster-manager EC2 instance via crafted input when using the FileBrowser functionality. To remediat...

CVE-2026-5708

CVE-2026-5708 concerns AWS Research and Engineering Studio (RES) prior to version 2026.03, where the session creation component allows unsanitized control of user-modifiable attributes. An authenticated remote user could escalate privileges, assume the virtual desktop host instance profile permis...

Amazon Web Services Research and Engineering Studio 安全漏洞

Amazon Web Services Research and Engineering Studio is a cloud-based research and engineering environment of Amazon, Inc. There is a security vulnerability in the version of Amazon Web Services Research and Engineering Studio from March 2025 to December 1, 2025. This vulnerability stems from the...

PT-2026-30746

Name of the Vulnerable Software and Affected Versions AWS Research and Engineering Studio RES versions prior to 2026.03 Description An issue exists in the session creation component of AWS Research and Engineering Studio RES where unsanitized control of user-modifiable attributes could allow an...

CVE-2025-12815

Summary of CVE-2025-12815 (AWS RES) : An ownership verification issue exists in the Virtual Desktop preview page of the Research and Engineering Studio (RES) on AWS, affecting versions prior to 2025.09. A remote user with network access may be able to view metadata from another user’s active desk...