CVE-2026-5190 - AWS C Event Stream Streaming Decoder Stack Buffer Overflow
📋 Description
Bulletin ID: 2026-011-AWS
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2026/03/31 10:15 AM PDT
Description:
The AWS Common Runtime library is used by several AWS SDKs to communicate with event-stream services (e.g., Kinesis, Transcribe). We identified CVE-2026-5190. The AWS Common Runtime event-stream decoder component before 0.6.0 might allow a third party operating a server to cause memory corruption leading to arbitrary code execution on a client application that processes crafted event-stream messages.
Impacted versions:
- aws-c-event-stream
- aws-iot-device-sdk-cpp-v2
- aws-iot-device-sdk-java-v2
- aws-iot-device-sdk-python-v2
- aws-iot-device-sdk-js-v2
- aws-sdk-swift
- aws-sdk-cpp
Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.