CVE-2026-12043 – Heap double-free in AWS Common Runtime aws-c-http

CVE ID :CVE-2026-12043

Published : June 12, 2026, 6:35 p.m. | 47 minutes ago

Description :Improper handling of HPACK dynamic table size updates in the AWS Common Runtime aws-c-http library might allow a remote threat actor operating a server to cause memory corruption on a connecting client application, potentially leading to arbitrary code execution, via a crafted sequence of HTTP/2 HEADERS frames.

To remediate this issue, users should upgrade to aws-c-http version 0.11.0.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-54397 – MISP event editing allows unauthorized assignment to undisclosed sharing groups

CVE-2026-53607 – @apostrophecms/file pretty-URL Vulnerable to Unauthenticated SSRF via Host header

CVE-2026-4870 – Qiskit SDK is vulnerable to specific functions may recurse too deeply and overflow the available stack space, when encountering certain classical expressions.

CVE-2026-53606 – sanitize-html has an incomplete URI scheme validation that allows javascript: URIs through action, formaction, data, poster, and background attributes