CVE Catalog

CVE-2026-12043

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.33%

25th percentile - higher than 25% of all known CVEs

Summary

Improper handling of HPACK dynamic table size updates in the AWS Common Runtime aws-c-http library might allow a remote threat actor operating a server to cause memory corruption on a connecting client application, potentially leading to arbitrary code execution.

Risk Assessment

The organization may face serious security risks, including the potential for remote code execution by an attacker.

Recommendation

It is recommended to upgrade to aws-c-http version 0.11.0 to remediate this vulnerability.

Original NVD description (English source)

Improper handling of HPACK dynamic table size updates in the AWS Common Runtime aws-c-http library might allow a remote threat actor operating a server to cause memory corruption on a connecting client application, potentially leading to arbitrary code execution, via a crafted sequence of HTTP/2 HEADERS frames. To remediate this issue, users should upgrade to aws-c-http version 0.11.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS