CVE-2026-5709
Received Received - Intake
Command Injection in AWS RES FileBrowser Allows Remote Code Execution

Publication date: 2026-04-06

Last updated on: 2026-04-10

Assigner: AMZN

Description
Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio (RES) version 2024.10 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands on the cluster-manager EC2 instance via crafted input when using the FileBrowser functionality. To remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-06
Last Modified
2026-04-10
Generated
2026-06-16
AI Q&A
2026-04-07
EPSS Evaluated
2026-06-15
NVD
CVE-2026-5709
EUVD
EUVD-2026-19550
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
amazon research_and_engineering_studio to 2026.03 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves unsanitized input in the FileBrowser API of AWS Research and Engineering Studio (RES) versions 2024.10 through 2025.12.01. It allows a remote authenticated user to execute arbitrary commands on the cluster-manager EC2 instance by sending specially crafted input through the FileBrowser functionality.

Impact Analysis

The vulnerability can lead to remote command execution on the cluster-manager EC2 instance, which means an attacker with authentication could potentially take control of the affected system, manipulate data, disrupt services, or further compromise the environment.

Mitigation Strategies

To mitigate this vulnerability, users are advised to upgrade AWS Research and Engineering Studio (RES) to version 2026.03 or apply the corresponding mitigation patch to their existing environment.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5709. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart