CVE-2026-10740
Bulletin ID: 2026-042-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 06/10/2026 11:15 AM PDT Description: s2n-quic is a Rust implementation of the QUIC protocol. We identified CVE-2026-10740, an issue of unbounded memory allocation in the CRYPTO frame reassembler in s2n-quic before 1.82.0. An unauthenticated user can attempt to exhaust server memory on an s2n-quic endpoint by sending crafted CRYPTO frames with high offsets. The buffer used for processing CRYPTO frames does not enforce a maximum size. In the worst case, a single 1200-byte packet can cause approximately 9.4 MB of allocation. By repeatedly sending such packets, the resulting memory pressure could cause denial of service. No valid handshake is required. Impacted versions: < v1.82.0 Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.
CSIRTS triage
- What
- Unbounded memory allocation can lead to denial of service by exhausting server memory.
- Who is affected
- Users of s2n-quic versions before 1.82.0.
- Urgency
- Remediation is important to prevent denial of service attacks.
- Action
- Update s2n-quic to version 1.82.0 or later.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch CVE-2026-10740
Get an email if CVE-2026-10740 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.
Exploitation outlook
- Low exploitation risk0.29% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 21% of all EPSS-scored CVEs.
Advisory coverage (2)
- highCVE-2026-10740 - Excessive memory allocation in s2n-quicaws · 2026-06-10
- unknownCVE-2026-10740 - Excessive memory allocation in s2n-quicaws · 2026-06-10
External references
Embed the live status
— this badge updates automatically when the KEV or exploit status changes. How to embed it →
[](https://www.csirts.com/cve/CVE-2026-10740)