Out-of-Bounds Write Vulnerability in AWS C Event Stream by Amazon
CVE-2026-5190

7.7HIGH

Key Information:

Vendor

Aws

Status
Aws-c-event-stream
Vendor
CVE Published:
31 March 2026

What is CVE-2026-5190?

An out-of-bounds write vulnerability exists in the streaming decoder component of AWS C Event Stream prior to version 0.6.0. This flaw could allow an attacker to manipulate server messages, potentially leading to memory corruption and enabling arbitrary code execution within client applications that process specially crafted event-stream messages. To mitigate this risk, it is recommended that users upgrade to version 0.6.0 or later.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

aws-c-event-stream 0.6.0

References

https://aws.amazon.com/security/security-bulletins/2026-0...
vendor-advisory
https://github.com/awslabs/aws-c-event-stream/security/ad...
third-party-advisory
https://github.com/awslabs/aws-c-event-stream/releases/ta...
patch

CVSS V4

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.