CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-10740

highcovered by 2 sourcesfirst seen 2026-06-10
Bulletin ID: 2026-042-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 06/10/2026 11:15 AM PDT Description: s2n-quic is a Rust implementation of the QUIC protocol. We identified CVE-2026-10740, an issue of unbounded memory allocation in the CRYPTO frame reassembler in s2n-quic before 1.82.0. An unauthenticated user can attempt to exhaust server memory on an s2n-quic endpoint by sending crafted CRYPTO frames with high offsets. The buffer used for processing CRYPTO frames does not enforce a maximum size. In the worst case, a single 1200-byte packet can cause approximately 9.4 MB of allocation. By repeatedly sending such packets, the resulting memory pressure could cause denial of service. No valid handshake is required. Impacted versions: < v1.82.0 Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.

CSIRTS triage

What
Unbounded memory allocation can lead to denial of service by exhausting server memory.
Who is affected
Users of s2n-quic versions before 1.82.0.
Urgency
Remediation is important to prevent denial of service attacks.
Action
Update s2n-quic to version 1.82.0 or later.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-10740

Get an email if CVE-2026-10740 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (2)

External references

NVD record for CVE-2026-10740

CVE.org record

Embed the live status

CVE-2026-10740 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-10740 status](https://www.csirts.com/badge/CVE-2026-10740)](https://www.csirts.com/cve/CVE-2026-10740)