Which versions of Amazon ECS Agent are affected by EUVD-2026-26412?

Amazon ECS Agent versions prior to 1.103.0 contain a command injection vulnerability in Windows FSx volume mounting that allows authenticated users with task definition permissions to execute…. A patch is available.

Is there a public PoC exploit available for EUVD-2026-26412?

Yes, a public proof-of-concept exploit is available for EUVD-2026-26412. Prioritise patching immediately. EPSS: 0.0%.

Amazon ECS Agent EUVD-2026-26412

Q: What is the CVSS score of EUVD-2026-26412?

EUVD-2026-26412 has a CVSS 4.0 base score of 7.5 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-7461 HIGH

OS Command Injection (CWE-78)

2026-04-30 AMZN

Command Injection Microsoft

7.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

Apr 30, 2026 - 19:22 vuln.today

cvss_changed

CVSS changed

Apr 30, 2026 - 19:22 NVD

7.2 (HIGH) 7.5 (HIGH)

Source Code Evidence Fetched

Apr 30, 2026 - 19:16 vuln.today

Analysis Generated

Apr 30, 2026 - 19:16 vuln.today

EUVD ID Assigned

Apr 30, 2026 - 19:00 euvd

EUVD-2026-26412

Analysis Generated

Apr 30, 2026 - 19:00 vuln.today

Patch released

Apr 30, 2026 - 19:00 nvd

Patch available

CVE Published

Apr 30, 2026 - 18:35 nvd

HIGH 7.5

DescriptionNVD

Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a specially crafted username field in an ECS task definition. This issue requires permissions to register ECS task definitions or write to the Secrets Manager or SSM Parameter Store credentials used by the FSx volume configuration.

To remediate this issue, users should upgrade to version 1.103.0.

AnalysisAI

Command injection in Amazon ECS Agent on Windows allows authenticated attackers with task definition permissions to execute arbitrary shell commands with SYSTEM privileges on the underlying host. The vulnerability exists in the FSx Windows File Server volume mounting component (versions prior to 1.103.0), where username field input is not properly sanitized before being passed to OS commands. …

RemediationAI

Within 24 hours: inventory all Windows ECS clusters and identify agents running versions below 1.103.0 using AWS Systems Manager or ECS API queries. Within 7 days: update ECS Agent to version 1.103.0 or later across all affected Windows instances; apply updates during maintenance windows to avoid container service interruption. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory