CVE-2026-5190 - AWS C Event Stream Streaming Decoder Stack Buffer Overflow

AWS ยท 2026-06-05

Actions

Rate this issue

Technical Details

Affected Versions aws-c-event-stream < 0.6.0, aws-iot-device-sdk-cpp-v2 < 1.42.1, aws-iot-device-sdk-java-v2 < 1.30.1, aws-iot-device-sdk-python-v2 < 1.28.2, aws-iot-device-sdk-js-v2 < 1.25.1, aws-sdk-swift < 1.6.70, aws-sdk-cpp < 1.11.764
Regions all
CVE IDs CVE-2026-5190
Migration Required Yes
Cost Impact Neutral
IaC Impact High

What This Means

For DevOps Teams

Update all affected AWS SDKs and libraries to their latest versions to address the CVE-2026-5190 vulnerability and ensure secure communication with event-stream services.

For Platform Teams

Integrate the latest versions of AWS SDKs into your platform to enhance security and prevent potential memory corruption attacks.

For Executives

Implement immediate upgrades to mitigate the risk of arbitrary code execution due to the identified stack buffer overflow vulnerability in the AWS C Event Stream Streaming Decoder.

Source

View original AWS announcement โ†’

Weekly AWS Digest in Your Inbox

No spam, no headlines. Just a weekly summary of the 3โ€“7 AWS changes that matter for DevOps and Platform teams.

๐Ÿ“ง Exactly 1 email per week โ€ข Every Tuesday โ€ข Unsubscribe anytime

Today: AWS only. Coming next: Azure and other major clouds.