Amazon Ecs Agent
Approved changes feed: RSS · Atom
cpe:2.3:a:aws:amazon_ecs_agent:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Aws (e6707f00-6abb-51df-808c-9e3417305027) |
|---|---|
| Product | Amazon Ecs Agent (93ddc738-78b3-5c0d-b39c-c83f1328bfe7) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-7461 |
vulnerable | 2026-06-03 15:27:56.839169 |
OS Command Injection in Amazon ECS Agent via FSx Windows File Server Volume Credentials
HIGH (7.2)
Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a specially crafted username field in an ECS task definition. This issue requires permissions to register ECS task definitions or write to the Secrets Manager or SSM Parameter Store credentials used by the FSx volume configuration.
To remediate this issue, users should upgrade to version 1.103.0.
Published: 2026-04-30T18:35:17.599Z
Updated: 2026-05-01T03:56:01.010Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.