OPENSUSE-SU-2026:10848-1 amazon-ecs-init-1.103.0-2.1 on GA media

These are all security issues fixed in the amazon-ecs-init-1.103.0-2.1 package on the GA media of openSUSE Tumbleweed...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the username field in the FSx Windows File Server volume mounting process. An attacker can execute arbitrary shell commands with SYSTEM privileges on the underlying host by supplying specially crafted input. This i...

EUVD-2026-26412

Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a...

CVE-2026-7461 OS Command Injection in Amazon ECS Agent via FSx Windows File Server Volume Credentials

Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a...

CVE-2026-7461

Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a...

CVE-2026-7461

CVE-2026-7461 affects the FSx Windows File Server volume mounting component inside Amazon ECS Agent on Windows, prior to version 1.103.0. The root cause is improper neutralization of inputs used in an OS command, allowing a remote authenticated actor to run shell commands with SYSTEM privileges o...