CVE-2026-5747

Severity: High
Published: 08 April 2026
Modified: 01 June 2026
CVSS v4 score: 8.7 (CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0021 (10.8th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-5747 is a high-severity Divide By Zero (CWE-369) vulnerability in Amazon Firecracker. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 10.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-5747 is an out-of-bounds write vulnerability in the virtio PCI transport component of Firecracker microVM, affecting versions 1.13.0 through 1.14.3 and 1.15.0 on x86_64 and aarch64 architectures. The issue stems from improper handling that allows modification of virtio queue configuration registers after device activation, classified under CWE-369 (Divide by Zero) and CWE-787 (Out-of-bounds Write), with a CVSS v3.1 base score of 7.5 (AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).

A local attacker with root privileges inside a guest VM can exploit this vulnerability to crash the Firecracker VMM process or, under additional preconditions such as a custom guest kernel or specific snapshot configurations, potentially achieve arbitrary code execution on the host system.

Official advisories, including the AWS security bulletin and Firecracker GitHub security advisory (GHSA-776c-mpj7-jm3r), recommend upgrading to Firecracker 1.14.4 or 1.15.1 and later versions, with release notes available on GitHub detailing the fixes.
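To apply the affected and fixed version ranges stated above to an inventory, the following added example (not code from the advisory or the Firecracker project) classifies reported version strings. The host names, the sample inventory and the assumed `Firecracker v1.14.3` string shape are constructed for illustration.

```python
import re

# Affected ranges as stated in the advisory text: 1.13.0 through 1.14.3, and 1.15.0.
AFFECTED = [((1, 13, 0), (1, 14, 3)), ((1, 15, 0), (1, 15, 0))]
# Fixed releases named in the advisory text, keyed by (major, minor) release line.
FIXED = {(1, 14): (1, 14, 4), (1, 15): (1, 15, 1)}

_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract (major, minor, patch) from strings such as 'Firecracker v1.14.3'."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def triage(version_text):
    """Return (status, upgrade_target) for one reported Firecracker version."""
    v = parse_version(version_text)
    if v is None:
        return ("unknown", None)  # unparseable string: check the host manually
    if any(lo <= v <= hi for lo, hi in AFFECTED):
        # No fixed 1.13.x release is named in the text, so 1.13.x hosts are
        # pointed at the lowest fixed release that is named (1.14.4).
        target = FIXED.get(v[:2], FIXED[(1, 14)])
        return ("affected", ".".join(map(str, target)))
    return ("not listed as affected", None)


def triage_fleet(inventory):
    """Map each host to its (status, upgrade_target) pair."""
    return {host: triage(ver) for host, ver in inventory.items()}


# Constructed inventory: host names and version strings are made up.
SAMPLE = {
    "host-a": "Firecracker v1.13.0",
    "host-b": "Firecracker v1.14.4",
    "host-c": "v1.15.0",
    "host-d": "Firecracker v1.12.1",
    "host-e": "custom build, version not reported",
}

if __name__ == "__main__":
    for host, (status, target) in triage_fleet(SAMPLE).items():
        suffix = f" -> upgrade to {target} or later" if target else ""
        print(f"{host}: {status}{suffix}")
```

Hosts reported as "unknown" should be treated as unverified rather than safe.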

Vulnerability details

An out-of-bounds write issue in the virtio PCI transport in Firecracker 1.13.0 through 1.14.3 and 1.15.0 on x86_64 and aarch64 might allow a local guest user with root privileges to crash the Firecracker VMM process or potentially execute arbitrary code on the host via modification of virtio queue configuration registers after device activation. Achieving code execution on the host requires additional preconditions, such as the use of a custom guest kernel or specific snapshot configurations. To remediate this, users should upgrade to Firecracker 1.14.4 or 1.15.1 and later.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1611 Escape to Host (tactic: Privilege Escalation)
Adversaries may break out of a container or virtualized environment to gain access to the underlying host.
Why these techniques?

The out-of-bounds write in Firecracker's virtio PCI transport allows a guest root user to crash the VMM or achieve arbitrary code execution on the host, which directly enables VM escape to the host and exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-7426 · Same vendor: Amazon
CVE-2026-5708 · Same vendor: Amazon
CVE-2026-7461 · Same vendor: Amazon
CVE-2026-5707 · Same vendor: Amazon
CVE-2026-10591 · Same vendor: Amazon
CVE-2026-3338 · Same vendor: Amazon
CVE-2026-5709 · Same vendor: Amazon
CVE-2025-58150 · Shared CWE-787
CVE-2025-23206 · Same vendor: Amazon
CVE-2026-7424 · Same vendor: Amazon

Affected Assets

Vendor: amazon
Product: firecracker
Versions: 1.15.0 · 1.13.0 through 1.14.3

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly requires timely remediation of the out-of-bounds write vulnerability in Firecracker's virtio PCI transport by patching to versions 1.14.4 or 1.15.1 and later.

Prevent: Mandates validation of guest-provided inputs to virtio queue configuration registers to block invalid modifications causing out-of-bounds writes.

Prevent: Implements memory safeguards such as guard pages and protections against unauthorized memory access to mitigate exploitation of the out-of-bounds write for host code execution.
