LeakyCreds

CVE-2026-5708 - Vulnerability Analysis

High, CVSS: 8.8

Last Updated: April 7, 2026

AWS Research and Engineering Studio - Broken Access Control

Published: April 6, 2026 | Updated: April 7, 2026 | Remote Exploitable

Overview

AWS Research and Engineering Studio (RES) versions prior to 2026.03 contain a broken access control vulnerability caused by unsanitized user-modifiable attributes in session creation. An authenticated remote user can escalate privileges and assume instance profile permissions. Exploitation requires authentication.

Severity & Score

Severity: High
CVSS Score: 8.8
EPSS Score: 11.7% (probability of exploitation in the next 30 days)

Impact

Authenticated users can escalate privileges and assume instance profile permissions to interact with AWS resources.

Mitigation

Upgrade to RES version 2026.03 or apply the corresponding mitigation patch.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Apr 7, 2026

🟠 CVE-2026-5708 - High (8.8) Unsanitized control of user-modifiable attributes in the session creation component in AWS Research and Engineering Studio (RES) prior to version 2026.03 could allow an authenticated remote user to escalate privileges, assume the virtual desktop h... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5708/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-5708
Severity: High
CVSS Score: 8.8
Type: broken_access_control
Status: unconfirmed
EPSS: 11.7%
Social Posts: 1

CWE

  • CWE-915

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

11.7% (probability of exploitation in the next 30 days)