CVE-2026-5708 - Vulnerability Analysis
High | CVSS: 8.8 | Last Updated: April 6, 2026
AWS Research and Engineering Studio - Broken Access Control
Published: April 6, 2026 | Updated: April 6, 2026 | Remote Exploitable
Overview
AWS Research and Engineering Studio (RES) versions before 2026.03 contain a broken access control vulnerability caused by unsanitized user-modifiable attributes in session creation. It lets authenticated remote users escalate privileges and assume instance profile permissions. Exploitation requires authentication.
Severity & Score
Severity: High
CVSS Score: 8.8
Impact
Authenticated users can escalate privileges and assume instance profile permissions to interact with AWS resources.
Mitigation
Upgrade to RES version 2026.03 or apply the corresponding mitigation patch.
Details
- CVE ID: CVE-2026-5708
- Severity: High
- CVSS Score: 8.8
- Type: broken_access_control
- Status: new
CWE
- CWE-915
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H