CVE-2026-7791 - Local Privilege Escalation via TOCTOU Race Condition in Amazon WorkSpaces Skylight Agent
Bulletin ID: 2026-025-AWS
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 05/04/2026 15:15 PM PDT
Description:
Amazon Skylight Workspace Config Service (slwsconfigservice) is a critical background service within Amazon WorkSpaces that manages system configuration, monitors health, and updates components. We identified CVE-2026-7791, which allows a local, non-admin authenticated user to escalate privileges to SYSTEM by exploiting a race condition in the Skylight Workspace Config Service's log file archival process.
Impacted versions: < 2.6.2034.0 of the Windows Amazon Skylight Workspace Config Service (slwsconfigservice)
Resolution:
This issue has been addressed in version 2.6.2034.0. We recommend upgrading to the latest version.
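To confirm whether a given WorkSpace already runs the fixed version, the following PowerShell check is an added example and is not part of the original bulletin or AWS tooling. It assumes the service is registered in Windows under the short name given above (slwsconfigservice) and that the file version of the service binary reflects the service version; the function names are hypothetical.

```powershell
# Added example, not AWS code. Assumptions: the Windows service name matches the
# short name in the bulletin, and the binary's file version is the service version.
$ServiceName  = 'slwsconfigservice'      # name as written in the bulletin (assumed service name)
$FixedVersion = [version]'2.6.2034.0'    # fixed version stated in the bulletin

function Get-ServiceBinaryPath {
    param([Parameter(Mandatory)][string]$PathName)
    # Win32_Service.PathName may be quoted and may carry command-line arguments.
    if ($PathName -match '^\s*"([^"]+)"')          { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)(\s|$)')   { return $Matches[1] }
    return $PathName.Trim()
}

function Test-SkylightPatched {
    param([string]$Name = $ServiceName, [version]$Minimum = $FixedVersion)

    $result = [ordered]@{ Computer = $env:COMPUTERNAME; Status = $null; Version = $null; Path = $null }

    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'" -ErrorAction SilentlyContinue
    if (-not $svc) {
        # Service absent (or registered under another name): report, do not guess.
        $result.Status = 'ServiceNotFound'
        return [pscustomobject]$result
    }

    $result.Path = Get-ServiceBinaryPath -PathName $svc.PathName
    if (-not (Test-Path -LiteralPath $result.Path)) {
        $result.Status = 'BinaryNotFound'
        return [pscustomobject]$result
    }

    # Build the version from the numeric parts; the FileVersion string can carry suffixes.
    $info = (Get-Item -LiteralPath $result.Path).VersionInfo
    $result.Version = [version]::new($info.FileMajorPart, $info.FileMinorPart,
                                     $info.FileBuildPart, $info.FilePrivatePart)

    # Versions below the fixed version are in the impacted range.
    $result.Status = if ($result.Version -ge $Minimum) { 'Patched' } else { 'Vulnerable' }
    return [pscustomobject]$result
}

Test-SkylightPatched
```

A result of ServiceNotFound means the name assumption did not hold on that host and should be treated as unknown, not as patched.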
Acknowledgment:
We would like to thank Cymulate for collaborating on this issue through the coordinated vulnerability disclosure process.
Please email aws-security@amazon.com with any security questions or concerns.