Severity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
8DescriptionCVE.org
Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a specially crafted username field in an ECS task definition. This issue requires permissions to register ECS task definitions or write to the Secrets Manager or SSM Parameter Store credentials used by the FSx volume configuration.
To remediate this issue, users should upgrade to version 1.103.0.
AnalysisAI
Command injection in Amazon ECS Agent on Windows allows authenticated attackers with task definition permissions to execute arbitrary shell commands with SYSTEM privileges on the underlying host. The vulnerability exists in the FSx Windows File Server volume mounting component (versions prior to 1.103.0), where username field input is not properly sanitized before being passed to OS commands. This affects AWS customers running Windows-based ECS container workloads with FSx volumes - exploitation requires IAM permissions to register ECS task definitions or write to credential stores (Secrets Manager/SSM Parameter Store) used by FSx configurations. Vendor-released patch: version 1.103.0. EPSS and KEV data not provided; no public exploit identified at time of analysis.
Technical ContextAI
This is a CWE-78 (OS Command Injection) vulnerability in the Amazon ECS Agent's Windows implementation, specifically the FSx for Windows File Server volume mounting subsystem. The affected component (cpe:2.3:a:aws:amazon_ecs_agent:*:*:*:*:*:*:*:*) processes ECS task definitions containing FSx volume configurations with credentials stored in AWS Secrets Manager or SSM Parameter Store. According to GitHub PR #4934 in the fix release, the vulnerability stems from unsafe direct interpolation of the username field into OS commands during the mount operation. Instead of sanitizing inputs before shell execution, the vulnerable code passes user-controlled task definition parameters directly to Windows command-line utilities with SYSTEM privileges. The patch remediation (v1.103.0) implements environment variable-based input handling to prevent command injection, alongside a Golang version bump to 1.25.9 for additional security improvements.
RemediationAI
Upgrade Amazon ECS Agent to version 1.103.0 or later per AWS Security Bulletin 2026-024-AWS (https://aws.amazon.com/security/security-bulletins/2026-024-aws/). The patch implements environment variable-based input handling for FSx volume mounting (GitHub PR #4934) to prevent command injection. For environments unable to immediately upgrade, implement compensating controls: (1) Audit and restrict IAM permissions for ecs:RegisterTaskDefinition, secretsmanager:PutSecretValue, and ssm:PutParameter actions to trusted principals only via least-privilege policies - note this may impact developer workflows requiring task definition updates; (2) Enable AWS CloudTrail logging for RegisterTaskDefinition API calls and configure CloudWatch alarms for unusual username patterns in task definition parameters (regex monitoring for shell metacharacters in FSx credential fields); (3) Consider temporarily disabling FSx for Windows File Server volume support on ECS clusters running vulnerable agent versions if the feature is not operationally required - this breaks existing FSx-dependent tasks. The patch also upgrades Golang to 1.25.9 for additional security improvements. Verify upgrade success by checking ECS agent version via AWS Systems Manager or container instance metadata.
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26412