CVE-2026-5747 · EPSS p10.3%

amazon / firecracker

Description

An out-of-bounds write issue in the virtio PCI transport in Firecracker 1.13.0 through 1.14.3 and 1.15.0 on x86_64 and aarch64 might allow a local guest user with root privileges to crash the Firecracker VMM process or potentially execute arbitrary code on the host via modification of virtio queue configuration registers after device activation. Achieving code execution on the host requires additional preconditions, such as the use of a custom guest kernel or specific snapshot configurations. To remediate this, users should upgrade to Firecracker 1.14.4 or 1.15.1 and later.

Scoring

CVSS: 7.5
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.20% probability of exploitation · percentile 10.3% · 2026-06-19T12:03:05Z
Last modified: 2026-06-01

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-0028
CVE-2025-61553
CVE-2026-34193
CVE-2025-0467
CVE-2026-0029
CVE-2025-41237

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.