CVE-2026-7791
HIGHAmazon Workspaces < 2.6.2034.0 - Authenticated Local Privilege Escalation via Log Rotation Race Condition
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2026-7791. PoCs published by BenZamir.
AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2026-7791, a local privilege escalation vulnerability in Amazon WorkSpaces. The exploit leverages a TOCTOU (Time-of-Check Time-of-Use) race condition and arbitrary file write to escalate privileges to SYSTEM by manipulating directory junctions and file operations in the Skylight Workspace Config Service.
Description
Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a local non-admin authenticated user to place arbitrary files into arbitrary locations bypassing file system permission protections, leading to local privilege escalation to SYSTEM.
Exploits (1)
This repository contains a functional proof-of-concept exploit for CVE-2026-7791, a local privilege escalation vulnerability in Amazon WorkSpaces. The exploit leverages a TOCTOU (Time-of-Check Time-of-Use) race condition and arbitrary file write to escalate privileges to SYSTEM by manipulating directory junctions and file operations in the Skylight Workspace Config Service.
References (1)
Scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H