CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-5747

unknowncovered by 1 sourcefirst seen 2026-06-05
Bulletin ID: 2026-015-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/04/07 15:30 PM PDT Description: Firecracker is an open source virtualization technology that is purpose-built for creating and managing secure, multi-tenant container and function-based services. We identified CVE-2026-5747, an out-of-bounds write issue in the virtio PCI transport in Firecracker 1.13.0 through 1.14.3 and 1.15.0 on x86_64 and aarch64 that might allow a local guest user with root privileges to crash the Firecracker VMM process or potentially execute arbitrary code on the host via modification of virtio queue configuration registers after device activation. Achieving code execution on the host requires additional preconditions, such as the use of a custom guest kernel or specific snapshot configurations. No AWS service is affected. Impacted versions: Firecracker >= 1.13.0 AND <= 1.14.3 AND 1.15.0 Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.

CSIRTS triage

What
An out-of-bounds write issue in the virtio PCI transport may allow a local guest user to crash the Firecracker VMM process or execute arbitrary code on the host.
Who is affected
Local guest users with root privileges on Firecracker versions 1.13.0 through 1.14.3 and 1.15.0.
Urgency
Remediation is urgent due to the potential for arbitrary code execution on the host.
Action
Upgrade to a patched version of Firecracker.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-5747

Get an email if CVE-2026-5747 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-5747

CVE.org record

Embed the live status

CVE-2026-5747 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-5747 status](https://www.csirts.com/badge/CVE-2026-5747)](https://www.csirts.com/cve/CVE-2026-5747)