CVE-2026-7791

HIGH NVD

CVSS Score 7.8

Severity HIGH

Published May 04, 2026

Vendor unknown

Description

Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a local non-admin authenticated user to place arbitrary files into arbitrary locations bypassing file system permission protections, leading to local privilege escalation to SYSTEM.

References

https://aws.amazon.com/security/security-bulletins/2026-025-aws/