PT-2026-31052 · Amazon · Amazon Aws Firecracker
Aegiryy +3 · Published 2026-04-07 · Updated 2026-06-01 · CVE-2026-5747

CVSS v3.1: 7.5 (High)
Vector: AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Amazon Firecracker versions 1.13.0 through 1.14.3 and version 1.15.0
Description
A flaw exists in the virtio PCI transport of Amazon Firecracker that could allow a local guest user with root privileges to crash the Firecracker VMM process or potentially execute arbitrary code on the host. This is possible through modification of virtio queue configuration registers after device activation. Code execution on the host requires additional conditions, such as a custom guest kernel or specific snapshot configurations.
Recommendations
Upgrade to Amazon Firecracker version 1.14.4 or later.
Upgrade to Amazon Firecracker version 1.15.1 or later.
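To check a fleet against the affected versions listed above, the following added example (not part of the advisory or of Firecracker itself) classifies version strings and reports the minimum fixed release for each affected host. The host names, the sample version strings and the pairing of each affected range with one of the two recommended releases are assumptions made for illustration.

```python
import re

# Ranges from the advisory text: 1.13.0 through 1.14.3, and 1.15.0.
# Pairing each range with a fixed release is an assumption of this example.
AFFECTED_RANGES = [
    ((1, 13, 0), (1, 14, 3), "1.14.4"),
    ((1, 15, 0), (1, 15, 0), "1.15.1"),
]
_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract (major, minor, patch) from a string such as 'Firecracker v1.14.2'."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no semantic version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def assess(text):
    """Return (affected, minimum_fixed_release or None) for one version string."""
    version = parse_version(text)
    for low, high, fixed in AFFECTED_RANGES:
        if low <= version <= high:
            return True, fixed
    return False, None


def audit(inventory):
    """Map host -> fixed release for each affected host in {host: version_string}.

    Entries that cannot be parsed are reported as 'unknown' so that they are
    reviewed by hand instead of being silently treated as unaffected.
    """
    findings = {}
    for host, text in inventory.items():
        try:
            affected, fixed = assess(text)
        except ValueError:
            findings[host] = "unknown"
            continue
        if affected:
            findings[host] = fixed
    return findings


if __name__ == "__main__":
    # Constructed sample inventory; hosts and version strings are illustrative.
    sample = {"vmhost-a": "Firecracker v1.14.2", "vmhost-b": "Firecracker v1.15.1",
              "vmhost-c": "v1.15.0", "vmhost-d": "not installed"}
    for host, fixed in sorted(audit(sample).items()):
        print(f"{host}: upgrade target {fixed}")
```

Pre-release or build suffixes are ignored by the parser, so a string such as `1.15.0-dev` is treated as 1.15.0 and flagged.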
Fix
Divide By Zero
Memory Corruption
Affected Products
Amazon Aws Firecracker