CVE-2026-5190

CVSS v3.1

7.5

High

AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Out-of-bounds write in the streaming decoder component in aws-c-event-stream before 0.6.0 might allow a third party operating a server to cause memory corruption leading to arbitrary code execution on a client application that processes crafted event-stream messages.

To remediate this issue, users should upgrade to version 0.6.0 or later.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2026-5190

Affected Products

Aws-C-Event-Stream

CVE-2026-5190

Weakness Enumeration

Related Identifiers

Affected Products

References · 4