https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Mon, 11 May 2026 06:15:20 +0000 https://vulnerability.circl.lu/sighting/40eaad27-cef8-4d5f-8c14-fad2c702c082/export {"uuid": "40eaad27-cef8-4d5f-8c14-fad2c702c082", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7461", "type": "seen", "source": "https://gist.github.com/alon710/685bd82e2bb849307786205498652c75", "content": "# GHSA-FC67-C4HG-Q653: CVE-2026-7461: OS Command Injection in Amazon ECS Agent for Windows via FSx Volume Credentials\n\n> **CVSS Score:** 7.2\n> **Published:** 2026-05-07\n> **Full Report:** https://cvereports.com/reports/GHSA-FC67-C4HG-Q653\n\n## Summary\nA high-severity OS command injection vulnerability exists in the Amazon ECS Agent for Windows (versions 1.47.0 to 1.102.0) that permits an authenticated attacker with task definition creation privileges to execute arbitrary commands as the SYSTEM user via crafted FSx Windows File Server volume credentials.\n\n## TL;DR\nThe Amazon ECS Agent for Windows improperly neutralizes user input when mounting FSx Windows File Server volumes. Attackers with task definition privileges can inject shell metacharacters into the username field, leading to OS command execution as SYSTEM. Administrators must upgrade to version 1.103.0.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **Vulnerability Type**: OS Command Injection\n- **CWE ID**: CWE-78\n- **CVSS v3.1 Base Score**: 7.2 (High)\n- **Attack Vector**: Network\n- **Privileges Required**: High (Task Definition Registration)\n- **Impact**: SYSTEM-level Arbitrary Code Execution\n- **Exploit Maturity**: Proof of Concept\n- **Fixed Version**: 1.103.0\n\n## Affected Systems\n\n- Amazon ECS Agent (Windows)\n- Amazon FSx for Windows File Server Integration\n- **Amazon ECS Agent (Windows)**: >= 1.47.0, < 1.103.0 (Fixed in: `1.103.0`)\n\n## Mitigation\n\n- Upgrade the Amazon ECS Agent to version 1.103.0 or later on all Windows instances.\n- Audit and enforce least privilege IAM policies for 'ecs:RegisterTaskDefinition' and 'ecs:RunTask' actions.\n- Implement CloudTrail monitoring to detect shell metacharacters in volume configuration credential fields.\n\n**Remediation Steps:**\n1. Open an administrative PowerShell session on the target Windows container instance.\n2. Stop the ECS service using the command: Stop-Service -Name \"ecs\".\n3. Download the latest agent zip file using: Invoke-WebRequest -Uri https://s3.us-east-1.amazonaws.com/amazon-ecs-agent-us-east-1/amazon-ecs-agent-latest.zip -OutFile agent.zip.\n4. Extract the archive using: Expand-Archive -Path agent.zip -DestinationPath .\n5. Verify the version using: ./amazon-ecs-agent.exe -version.\n6. Restart the ECS service using: Start-Service -Name \"ecs\".\n\n## References\n\n- [AWS Security Bulletin 2026-024-aws](https://aws.amazon.com/security/security-bulletins/2026-024-aws/)\n- [GitHub Advisory: GHSA-fc67-c4hg-q653](https://github.com/aws/amazon-ecs-agent/security/advisories/GHSA-fc67-c4hg-q653)\n- [NVD Vulnerability Detail: CVE-2026-7461](https://nvd.nist.gov/vuln/detail/CVE-2026-7461)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/GHSA-FC67-C4HG-Q653) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-07T01:40:29.000000Z"} {"uuid": "40eaad27-cef8-4d5f-8c14-fad2c702c082", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7461", "type": "seen", "source": "https://gist.github.com/alon710/685bd82e2bb849307786205498652c75", "content": "# GHSA-FC67-C4HG-Q653: CVE-2026-7461: OS Command Injection in Amazon ECS Agent for Windows via FSx Volume Credentials\n\n> **CVSS Score:** 7.2\n> **Published:** 2026-05-07\n> **Full Report:** https://cvereports.com/reports/GHSA-FC67-C4HG-Q653\n\n## Summary\nA high-severity OS command injection vulnerability exists in the Amazon ECS Agent for Windows (versions 1.47.0 to 1.102.0) that permits an authenticated attacker with task definition creation privileges to execute arbitrary commands as the SYSTEM user via crafted FSx Windows File Server volume credentials.\n\n## TL;DR\nThe Amazon ECS Agent for Windows improperly neutralizes user input when mounting FSx Windows File Server volumes. Attackers with task definition privileges can inject shell metacharacters into the username field, leading to OS command execution as SYSTEM. Administrators must upgrade to version 1.103.0.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **Vulnerability Type**: OS Command Injection\n- **CWE ID**: CWE-78\n- **CVSS v3.1 Base Score**: 7.2 (High)\n- **Attack Vector**: Network\n- **Privileges Required**: High (Task Definition Registration)\n- **Impact**: SYSTEM-level Arbitrary Code Execution\n- **Exploit Maturity**: Proof of Concept\n- **Fixed Version**: 1.103.0\n\n## Affected Systems\n\n- Amazon ECS Agent (Windows)\n- Amazon FSx for Windows File Server Integration\n- **Amazon ECS Agent (Windows)**: >= 1.47.0, < 1.103.0 (Fixed in: `1.103.0`)\n\n## Mitigation\n\n- Upgrade the Amazon ECS Agent to version 1.103.0 or later on all Windows instances.\n- Audit and enforce least privilege IAM policies for 'ecs:RegisterTaskDefinition' and 'ecs:RunTask' actions.\n- Implement CloudTrail monitoring to detect shell metacharacters in volume configuration credential fields.\n\n**Remediation Steps:**\n1. Open an administrative PowerShell session on the target Windows container instance.\n2. Stop the ECS service using the command: Stop-Service -Name \"ecs\".\n3. Download the latest agent zip file using: Invoke-WebRequest -Uri https://s3.us-east-1.amazonaws.com/amazon-ecs-agent-us-east-1/amazon-ecs-agent-latest.zip -OutFile agent.zip.\n4. Extract the archive using: Expand-Archive -Path agent.zip -DestinationPath .\n5. Verify the version using: ./amazon-ecs-agent.exe -version.\n6. Restart the ECS service using: Start-Service -Name \"ecs\".\n\n## References\n\n- [AWS Security Bulletin 2026-024-aws](https://aws.amazon.com/security/security-bulletins/2026-024-aws/)\n- [GitHub Advisory: GHSA-fc67-c4hg-q653](https://github.com/aws/amazon-ecs-agent/security/advisories/GHSA-fc67-c4hg-q653)\n- [NVD Vulnerability Detail: CVE-2026-7461](https://nvd.nist.gov/vuln/detail/CVE-2026-7461)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/GHSA-FC67-C4HG-Q653) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-07T01:40:29.000000Z"} https://vulnerability.circl.lu/sighting/40eaad27-cef8-4d5f-8c14-fad2c702c082/export Thu, 07 May 2026 01:40:29 +0000 https://vulnerability.circl.lu/sighting/c6155a26-96aa-4058-a168-4229d8d53465/export {"uuid": "c6155a26-96aa-4058-a168-4229d8d53465", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-7461", "type": "seen", "source": "https://bsky.app/profile/securitycipher.bsky.social/post/3mle4disudb2h", "content": "Zero-Day to SYSTEM (RCE): Escaping AWS ECS Containers via OS Command Injection CVE-2026\u20137461\n\nhttps://medium.com/@sachinpatilsp/zero-day-to-system-escaping-aws-ecs-containers-via-os-command-injection-cve-2026-7461-3d44f5f367e8?source=rss------bug_bounty-5", "creation_timestamp": "2026-05-08T16:06:05.320067Z"} {"uuid": "c6155a26-96aa-4058-a168-4229d8d53465", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-7461", "type": "seen", "source": "https://bsky.app/profile/securitycipher.bsky.social/post/3mle4disudb2h", "content": "Zero-Day to SYSTEM (RCE): Escaping AWS ECS Containers via OS Command Injection CVE-2026\u20137461\n\nhttps://medium.com/@sachinpatilsp/zero-day-to-system-escaping-aws-ecs-containers-via-os-command-injection-cve-2026-7461-3d44f5f367e8?source=rss------bug_bounty-5", "creation_timestamp": "2026-05-08T16:06:05.320067Z"} https://vulnerability.circl.lu/sighting/c6155a26-96aa-4058-a168-4229d8d53465/export Fri, 08 May 2026 16:06:05 +0000