GHSA-FC67-C4HG-Q653

Vulnerability from github – Published: 2026-05-07 01:22 – Updated: 2026-05-07 01:22
VLAI?
Summary
Amazon ECS Container Agent (Windows) is vulnerable to Information Disclosure
Details

Summary

Amazon Elastic Container Service (Amazon ECS) is a fully managed container orchestration service that enables customers to deploy, manage, and scale containerized applications. An issue exists where, under certain circumstances, improper input validation in the FSx Windows File Server volume mounting process allows command injection through specially crafted credentials.

Impact

Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a specially crafted username field in an ECS task definition. This issue requires permissions to register ECS task definitions or write to the Secrets Manager or SSM Parameter Store credentials used by the FSx volume configuration.

To remediate this issue, users should upgrade to version 1.103.0.

Impacted versions: Version 1.47.0 through 1.102.2 of the ECS Agent for Windows

Patches

This issue only impacts ECS Windows worker instances. ECS on Fargate is not affected. This issue has been addressed in ECS agent version 1.103.0. Amazon ECS recommends upgrading to the latest Amazon ECS-optimized Windows AMI with an updated ECS agent version.

Workarounds

Customers who cannot update to the latest AMI can restrict ecs:RegisterTaskDefinition permissions to trusted IAM principals only and restrict write access to Secrets Manager secrets referenced in FSx volume configurations.

References

If you have any questions or comments about this advisory, Amazon ECS asks that users contact [AWS/Amazon] Security via vulnerability reporting page or directly via email to aws-security@amazon.com. Please do not create a public GitHub issue.

Acknowledgement

Amazon ECS would like to thank Sachin Patil for collaborating on this issue through the coordinated vulnerability disclosure process.

Severity ?
7.2 (High)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Show details on source website
To clipboard 

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.102.2"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/aws/amazon-ecs-agent"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.47.0"
            },
            {
              "fixed": "1.103.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-07T01:22:45Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Summary\n[Amazon Elastic Container Service (Amazon ECS)](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/Welcome.html) is a fully managed container orchestration service that enables customers to deploy, manage, and scale containerized applications. An issue exists where, under certain circumstances, improper input validation in the FSx Windows File Server volume mounting process allows command injection through specially crafted credentials. \n\n### Impact\nImproper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a specially crafted username field in an ECS task definition. This issue requires permissions to register ECS task definitions or write to the Secrets Manager or SSM Parameter Store credentials used by the FSx volume configuration.\n\n\nTo remediate this issue, users should upgrade to version 1.103.0.\n\n**Impacted versions**: Version 1.47.0 through 1.102.2 of the ECS Agent for Windows\n\n### Patches\nThis issue only impacts ECS Windows worker instances. ECS on Fargate is not affected. This issue has been addressed in ECS agent version 1.103.0.  Amazon ECS recommends [upgrading](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_window-container_instance.html) to the [latest](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-windows-ami-versions.html) Amazon ECS-optimized Windows AMI with an updated ECS agent version.\n\n### Workarounds\nCustomers who cannot update to the latest AMI can restrict ecs:RegisterTaskDefinition permissions to trusted IAM principals only and restrict write access to Secrets Manager secrets referenced in FSx volume configurations.\n\n### References\nIf you have any questions or comments about this advisory, Amazon ECS asks that users contact [AWS/Amazon] Security via [vulnerability reporting page](https://aws.amazon.com/security/vulnerability-reporting) or directly via email to [aws-security@amazon.com](mailto:aws-security@amazon.com). Please do not create a public GitHub issue.\n\n### Acknowledgement\n\nAmazon ECS would like to thank Sachin Patil for collaborating on this issue through the coordinated vulnerability disclosure process.",
  "id": "GHSA-fc67-c4hg-q653",
  "modified": "2026-05-07T01:22:45Z",
  "published": "2026-05-07T01:22:45Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/aws/amazon-ecs-agent/security/advisories/GHSA-fc67-c4hg-q653"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/aws/amazon-ecs-agent"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Amazon ECS Container Agent (Windows) is vulnerable to Information Disclosure"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.