CVE-2026-12043
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk25th percentile - higher than 25% of all known CVEs
Summary
Improper handling of HPACK dynamic table size updates in the AWS Common Runtime aws-c-http library might allow a remote threat actor operating a server to cause memory corruption on a connecting client application, potentially leading to arbitrary code execution.
Risk Assessment
The organization may face serious security risks, including the potential for remote code execution by an attacker.
Recommendation
It is recommended to upgrade to aws-c-http version 0.11.0 to remediate this vulnerability.
Original NVD description (English source)
Improper handling of HPACK dynamic table size updates in the AWS Common Runtime aws-c-http library might allow a remote threat actor operating a server to cause memory corruption on a connecting client application, potentially leading to arbitrary code execution, via a crafted sequence of HTTP/2 HEADERS frames. To remediate this issue, users should upgrade to aws-c-http version 0.11.0.

