HIGHCVE-2026-7791Published Modified CNA AMZN
CVE-2026-7791: Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2
Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a local non-admin authenticated user to place arbitrary files into arbitrary locations bypassing file system permission protections, leading to local privilege escalation to SYSTEM.
Metrics
- CVSS v4.0
- 8.5
- Severity
- HIGH
- Fixed in
- 2.6.2034.0
- Affected Products
- 1
Fix available
2.6.2034.0
Affected packages
- Amazon / WorkspacesFixed in 2.6.2034.0
CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:NReferences