A vulnerability in AWS CloudShell allowed users to gain unintended command-line access to the underlying AWS infrastructure. During a training session, a delegate unexpectedly received the identity context of an EC2 instance role within an ECS cluster, instead of the intended AWS account. This issue potentially bypassed existing controls aimed at preventing lateral movement and access to higher-privileged management roles.