EUVD-2026-19548

Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio RES version 2025.03 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands as root on the virtual desktop host via a crafted session name. To...

CVE-2026-5707 Command Injection via Virtual Desktop Session Name in AWS Research and Engineering Studio (RES)

Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio RES version 2025.03 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands as root on the virtual desktop host via a crafted session name. To...

PT-2026-30745

Name of the Vulnerable Software and Affected Versions AWS Research and Engineering Studio RES versions 2025.03 through 2025.12.01 Description An issue exists in the virtual desktop session name handling that could allow a remote authenticated actor to execute arbitrary commands as root on the...

Published application launching locally

Launching a published browser application opens the local version instead rather than opening within the Virtual Desktop session. Ex. Internet Explorer...