AWS Research and Engineering Studio FileBrowser API Command Injection Vulnerability
Vulnerability
A command injection vulnerability has been identified in the FileBrowser API of AWS Research and Engineering Studio (RES) versions 2024.10 through 2025.12.01. This vulnerability allows remote authenticated users to execute arbitrary commands on the cluster-manager EC2 instance by injecting shell meta-characters into unsanitized file path parameters when using the FileBrowser functionality.
Impact
Exploitation of this vulnerability allows for arbitrary command execution on the cluster-manager EC2 instance.
Remediation
Users are advised to upgrade to AWS Research and Engineering Studio version 2026.03 or apply the corresponding mitigation patch to their existing environment. Instructions for applying the patch are available on the AWS GitHub repository.
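The bug class described above, shell meta-characters in a file path parameter reaching a shell, is avoided by confining the path to a permitted directory and passing it to the external program as a single argv element. The following is an added example, not code from RES or from AWS; the function names, the use of `wc` and the sample filename are assumptions constructed for illustration.

```python
import os
import subprocess
import tempfile


def resolve_user_path(base_dir: str, user_path: str) -> str:
    """Resolve user_path under base_dir; raise ValueError if it escapes."""
    if "\x00" in user_path:
        raise ValueError("NUL byte in path")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path is outside the permitted directory")
    return candidate


def file_size(base_dir: str, user_path: str) -> int:
    """Byte count of a user-selected file via an external tool, with no shell."""
    target = resolve_user_path(base_dir, user_path)
    # Pattern to avoid: subprocess.run(f"wc -c {user_path}", shell=True)
    # hands the path to /bin/sh, which interprets ; | & $() ` as syntax.
    # An argv list reaches the program unchanged, so the path stays one
    # argument. target is absolute here; "--" is defence in depth against
    # a value being parsed as an option.
    result = subprocess.run(
        ["wc", "-c", "--", target],
        check=True, capture_output=True, text=True, cwd=base_dir,
    )
    return int(result.stdout.split()[0])


def demo():
    """Constructed input: a filename that contains shell meta-characters."""
    with tempfile.TemporaryDirectory() as base:
        name = "data; touch INJECTED"  # constructed sample, a legal filename
        with open(os.path.join(base, name), "w") as fh:
            fh.write("hello")
        size = file_size(base, name)
        injected = os.path.exists(os.path.join(base, "INJECTED"))
        return size, injected


if __name__ == "__main__":
    print(demo())
```

Where a native API exists for the operation (here `os.stat`), using it removes the external process entirely.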
