CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-7791

criticalcovered by 1 sourcefirst seen 2026-06-05
Bulletin ID: 2026-025-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/05/04 15:30 PM PDT Description: Amazon Skylight Workspace Config Service ( slwsconfigservice) is a critical background service within Amazon WorkSpaces that manages system configuration, monitors health, and updates components. We identified CVE-2026-7791 which allows a local non-admin authenticated user to escalate privileges to SYSTEM by exploiting a race condition in the Skylight Workspace Config Service's log file archival process. Impacted versions: < 2.6.2034.0 of the Windows Amazon Skylight Workspace Config Service (slwsconfigservice) Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.

CSIRTS triage

What
A race condition allows a local non-admin user to escalate privileges to SYSTEM.
Who is affected
Local authenticated users of the Skylight Workspace Config Service on affected versions.
Urgency
Remediation is critical due to the potential for local privilege escalation.
Action
Update to version 2.6.2034.0 or later.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-7791

Get an email if CVE-2026-7791 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-7791

CVE.org record

Embed the live status

CVE-2026-7791 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-7791 status](https://www.csirts.com/badge/CVE-2026-7791)](https://www.csirts.com/cve/CVE-2026-7791)