What is 2026-025-AWS?

2026-025-AWS is a security advisory published by AWS Security Bulletins. CVE-2026-7791 - Local Privilege Escalation via TOCTOU Race Condition in Amazon WorkSpaces Skylight Agent

Which CVE IDs does 2026-025-AWS cover?

2026-025-AWS covers the following CVE IDs: CVE-2026-7791. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

2026-025-AWS

CVE-2026-7791 - Local Privilege Escalation via TOCTOU Race Condition in Amazon WorkSpaces Skylight Agent

Vendor

AWS Security Bulletins

Published

May 4, 2026

Last Modified

—

🔗 CVE IDs covered (1)

CVE-2026-7791 →

📋 Description

Bulletin ID: 2026-025-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/05/04 15:30 PM PDT Description: Amazon Skylight Workspace Config Service ( slwsconfigservice) is a critical background service within Amazon WorkSpaces that manages system configuration, monitors health, and updates components. We identified CVE-2026-7791 which allows a local non-admin authenticated user to escalate privileges to SYSTEM by exploiting a race condition in the Skylight Workspace Config Service's log file archival process. Impacted versions: Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.

🔗 References (1)

advisoryhttps://aws.amazon.com/security/security-bulletins/rss/2026-025-aws/