Privilege Escalation Issue in AWS Research and Engineering Studio
CVE-2026-5708

8.7HIGH

Key Information:

Vendor

Aws

Status
Research And Engineering Studio (res)
Vendor
CVE Published:
6 April 2026

What is CVE-2026-5708?

An exploit exists in the session creation component of AWS Research and Engineering Studio prior to version 2026.03. This vulnerability allows an authenticated remote user to manipulate user-modifiable attributes, potentially leading to privilege escalation. Attackers could assume the host instance profile permissions of the virtual desktop and interact with AWS resources and services through crafted API requests. To mitigate this risk, users should upgrade to version 2026.03 or apply the necessary mitigating patches.

Affected Version(s)

Research and Engineering Studio (RES) 2023.11 <= 2025.12.01

References

https://github.com/aws/res/releases/tag/2026.03
release-notes
https://github.com/aws/res/issues/149
patch
https://aws.amazon.com/security/security-bulletins/2026-0...
vendor-advisory

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.