CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-7461

unknowncovered by 1 sourcefirst seen 2026-06-05
Bulletin ID: 2026-024-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/04/30 13:30 PM PDT Description: Amazon Elastic Container Service (Amazon ECS) is a fully managed container orchestration service that enables customers to deploy, manage, and scale containerized applications. The Amazon ECS agent supports mounting FSx for Windows File Server volumes in task definitions on Windows EC2 instances. We identified CVE-2026-7461, a command injection issue in FSx volume mounting that enables code execution with SYSTEM privileges via a specially crafted credentials in ECS task definitions. Impacted versions: Version 1.47.0 through 1.102.2 of the ECS Agent for Windows Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.

CSIRTS triage

What
There is a command injection issue in FSx volume mounting that enables code execution with SYSTEM privileges.
Who is affected
Deployments of ECS Agent for Windows versions 1.47.0 through 1.102.2.
Urgency
Remediation is important as it allows for remote code execution with high privileges.
Action
Update to a patched version of the ECS Agent.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-7461

Get an email if CVE-2026-7461 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-7461

CVE.org record

Embed the live status

CVE-2026-7461 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-7461 status](https://www.csirts.com/badge/CVE-2026-7461)](https://www.csirts.com/cve/CVE-2026-7461)