AWS Research and Engineering Studio Privilege Escalation Vulnerability
Vulnerability
A privilege escalation vulnerability has been identified in AWS Research and Engineering Studio (RES) versions prior to 2026.03. This vulnerability allows an authenticated remote user to manipulate user-modifiable attributes in the session creation component, potentially escalating privileges and assuming the permissions of the virtual desktop host instance profile. Exploitation of this vulnerability could enable interaction with AWS resources and services through a crafted API request.
Impact
Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing users to gain elevated permissions on the virtual desktop host and, as a result, interact with AWS resources and services.
Remediation
Users are advised to upgrade to AWS Research and Engineering Studio version 2026.03 or apply the corresponding mitigation patch to their existing environment. Instructions for applying the patch are available on the AWS RES GitHub repository.
