PatchSiren cyber security CVE debrief
CVE-2026-10740 Amazon Web Services CVE debrief
CVE-2026-10740 is a medium-severity vulnerability in s2n-quic, a QUIC implementation. The vulnerability is caused by unbounded memory allocation in the CRYPTO frame reassembler, which may allow an unauthenticated remote actor to cause a denial of service (degraded availability) by sending crafted QUIC Initial packets.
- Vendor
- Amazon Web Services
- Product
- s2n-quic
- CVSS
- MEDIUM 6.9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-10
- Original CVE updated
- 2026-06-10
- Advisory published
- 2026-06-10
- Advisory updated
- 2026-06-10
Who should care
Users of s2n-quic before version 1.8.2 should upgrade to version 1.8.2 to remediate this issue.
Technical summary
The vulnerability has a CVSS score of 6.9 and is classified as CWE-770. It was published on 2026-06-10T19:16:32.470Z and last modified on 2026-06-10T20:19:35.917Z.
Defensive priority
MEDIUM
Recommended defensive actions
- Upgrade to s2n-quic version 1.8.2 or later.
Evidence notes
The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively. Additional information can be found at [ref-4], [ref-5], and [ref-6].
Official resources
-
CVE-2026-10740 CVE record
CVE.org
-
CVE-2026-10740 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
ff89ba41-3aa1-4d27-914a-91399e9639e5
-
Source reference
ff89ba41-3aa1-4d27-914a-91399e9639e5
-
Source reference
ff89ba41-3aa1-4d27-914a-91399e9639e5
CVE-2026-10740 was published on 2026-06-10T19:16:32.470Z and last modified on 2026-06-10T20:19:35.917Z.