Amazon Workspaces
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Amazon Workspaces.
Recent Amazon Workspaces Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 2026-05-04 | CVE-2026-7791 - Local Privilege Escalation via TOCTOU Race Condition in Amazon WorkSpaces Skylight Agent | May 4, 2026 |
| 2025-11-05 | Improper authentication token handling in the Amazon WorkSpaces client for Linux | November 5, 2025 |
| 2025-01-15 | Issue with Amazon WorkSpaces, Amazon AppStream 2.0, and Amazon DCV (CVE-2025-0500 and CVE-2025-0501) | January 15, 2025 |
| 2023-10-06 | Issue with Amazon WorkSpaces Windows Client Version 5.9 and 5.10 | October 6, 2023 |
By the Year
In 2026 there have been 1 vulnerability in Amazon Workspaces with an average score of 7.8 out of ten. Last year, in 2025 Workspaces had 1 security vulnerability published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Workspaces in 2026 could surpass last years number. Last year, the average CVE base score was greater by 1.00
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1 | 7.80 |
| 2025 | 1 | 8.80 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 2 | 8.80 |
It may take a day or so for new Workspaces vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Amazon Workspaces Security Vulnerabilities
Privilege Escalation in Amazon WorkSpaces Skylight WS Config (before 2.6.2034)
CVE-2026-7791
7.8 - High
- May 04, 2026
Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a local non-admin authenticated user to place arbitrary files into arbitrary locations bypassing file system permission protections, leading to local privilege escalation to SYSTEM.
TOCTTOU
Amazon WorkSpaces Linux Client 2023-2024 Auth Token Leak to Local Users
CVE-2025-12779
8.8 - High
- November 05, 2025
Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token for DCV-based WorkSpaces to other local users on the same client machine. Under certain circumstances, a local user may be able to extract another local user's authentication token from the shared client machine and access their WorkSpace. To mitigate this issue, users should upgrade to the Amazon WorkSpaces client for Linux version 2025.0 or later.
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Amazon Amazon WorkSpaces agent is affected by Integer Overflow
CVE-2021-43638
8.8 - High
- December 07, 2021
Amazon Amazon WorkSpaces agent is affected by Integer Overflow. IOCTL Handler 0x22001B in the Amazon WorkSpaces agent below v1.0.1.1537 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.
Integer Overflow or Wraparound
Amazon WorkSpaces agent is affected by Buffer Overflow
CVE-2021-43637
8.8 - High
- December 07, 2021
Amazon WorkSpaces agent is affected by Buffer Overflow. IOCTL Handler 0x22001B in the Amazon WorkSpaces agent below v1.0.1.1537 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.
Classic Buffer Overflow
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Amazon Workspaces or by Amazon? Click the Watch button to subscribe.
