CVE-2026-5190

Published: Mar 31, 2026 Last Modified: Mar 31, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,7
Source: ff89ba41-3aa1-4d27-914a-91399e9639e5
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: passive
Confidentiality: N/A
Integrity: N/A
Availability: N/A
HIGH 7,5
Source: ff89ba41-3aa1-4d27-914a-91399e9639e5
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high

Description

AI Translation Available

Out-of-bounds write in the streaming decoder component in aws-c-event-stream before 0.6.0 might allow a third party operating a server to cause memory corruption leading to arbitrary code execution on a client application that processes crafted event-stream messages.

To remediate this issue, users should upgrade to version 0.6.0 or later.

787

Out-of-bounds Write

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Availability Other
Potential Impacts:
Modify Memory Execute Unauthorized Code Or Commands Dos: Crash, Exit, Or Restart Unexpected State
Applicable Platforms
Languages: Assembly, C, C++, Memory-Unsafe
Technologies: ICS/OT
Likelihood of Exploit: High
View CWE Details
https://aws.amazon.com/security/security-bulletins/2026-011…
https://aws.amazon.com/security/security-bulletins/2026-011-aws/
https://github.com/awslabs/aws-c-event-stream/releases/tag/…
https://github.com/awslabs/aws-c-event-stream/releases/tag/v0.6.0
https://github.com/awslabs/aws-c-event-stream/security/advi…
https://github.com/awslabs/aws-c-event-stream/security/advisories/GHSA-xvjw-fjq…