vulnerability context

CVE-2026-10740

CVSS 5.3 MEDIUMEPSS 21%CWE-770OTX 3 pulses

Unbounded memory allocation in the CRYPTO frame reassembler in s2n-quic before 1.8.2 may allow an unauthenticated remote actor to cause a denial of service (degraded availability) by sending crafted QUIC Initial packets. To remediate this issue, users should upgrade to v1.8.2.

Published 2026-06-10 · last modified 2026-06-17

details

CISA KEV status: Not in catalog
CVSS v3: 5.3 / MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS: 21% percentile (score 0.0029)
CWE: CWE-770
OTX pulses: 3 total, 0 recent

View on NVD → · cve.org

source mentions 2

CVE-2026-10740 - Excessive memory allocation in s2n-quicAWS Security Bulletins · 14d ago
CVE-2026-10740 - Excessive memory allocation in s2n-quicAWS Security Bulletins · 14d ago

source consensus

AWS Security Bulletins2×

Want the 3-bullet summary of CVE-2026-10740, plus webhook alerts when KEV is updated? Pro is $10/mo.

Open in reader See Pro →