CVE-2026-7791

Published: Mag 05, 2026 Last Modified: Mag 05, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 8,5
Source: ff89ba41-3aa1-4d27-914a-91399e9639e5
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
HIGH 7,8
Source: ff89ba41-3aa1-4d27-914a-91399e9639e5
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high

Description

AI Translation Available

Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a local non-admin authenticated user to place arbitrary files into arbitrary locations bypassing file system permission protections, leading to local privilege escalation to SYSTEM.

367

Time-of-check Time-of-use (TOCTOU) Race Condition

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Other Non-Repudiation
Potential Impacts:
Alter Execution Logic Unexpected State Modify Application Data Modify Files Or Directories Modify Memory Other Hide Activities
Applicable Platforms
All platforms may be affected
Likelihood of Exploit: Medium
View CWE Details
https://aws.amazon.com/security/security-bulletins/2026-025…
https://aws.amazon.com/security/security-bulletins/2026-025-aws/