Denial of Service Vulnerability in s2n-quic by AWS
CVE-2026-10740

6.9MEDIUM

Key Information:

Vendor

Aws

Status
Vendor
CVE Published:
10 June 2026

What is CVE-2026-10740?

The unbounded memory allocation issue in the CRYPTO frame reassembler of AWS's s2n-quic prior to version 1.8.2 can allow an unauthenticated remote actor to exploit this vulnerability, causing a denial of service by sending specifically crafted QUIC Initial packets. This could potentially lead to degraded availability of the application, impacting users and services. It is highly recommended for users to upgrade to version 1.8.2 to mitigate the risk.

Affected Version(s)

s2n-quic 0 <= 1.8.1

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.