CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-7461 - OS Command Injection in Amazon ECS Agent via FSx Windows File Server Volume Credentials

unknownCVE-2026-7461
Bulletin ID: 2026-024-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/04/30 13:30 PM PDT Description: Amazon Elastic Container Service (Amazon ECS) is a fully managed container orchestration service that enables customers to deploy, manage, and scale containerized applications. The Amazon ECS agent supports mounting FSx for Windows File Server volumes in task definitions on Windows EC2 instances. We identified CVE-2026-7461, a command injection issue in FSx volume mounting that enables code execution with SYSTEM privileges via a specially crafted credentials in ECS task definitions. Impacted versions: Version 1.47.0 through 1.102.2 of the ECS Agent for Windows Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.

CSIRTS triage

What
There is a command injection issue in FSx volume mounting that enables code execution with SYSTEM privileges.
Who is affected
Deployments of ECS Agent for Windows versions 1.47.0 through 1.102.2.
Urgency
Remediation is important as it allows for remote code execution with high privileges.
Action
Update to a patched version of the ECS Agent.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch ECS Agent

Get an email when a new ECS Agent advisory drops — max one per day, one-click unsubscribe.

Details

Source
AWS Security Bulletins (INTL · vendor-psirt · site)
Severity
unknown
Published
2026-06-05
Exploitation
Not in CISA KEV at last sync

Original advisory: https://aws.amazon.com/security/security-bulletins/rss/2026-024-aws/

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2026-7461coverage & exploitation statusNVD · CVE.org

Recent advisories for - OS Command

A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.

More from AWS Security Bulletins