Platform: linux
Component: firecracker
Fixed in: 1.14.4, 1.15.1
CVE-2026-5747 is an out-of-bounds write vulnerability in the virtio PCI transport component of Amazon Firecracker, a virtualization technology. A malicious guest user with root privileges inside the virtual machine could crash the Firecracker Virtual Machine Monitor (VMM) process or, under specific conditions, execute arbitrary code on the host system. The vulnerability affects Firecracker versions 1.13.0 through 1.15.1 on x86_64 and aarch64 architectures; an update to version 1.14.4 or later is available to address this issue.
Exploit Status
EPSS: 0.02% (5th percentile)
CISA SSVC
Upgrade Firecracker to version 1.14.4 or later, or to version 1.15.1 or later to mitigate this issue. The vulnerability allows a user with root privileges in the virtual machine environment to write out-of-bounds, which could lead to a VMM crash or, potentially, the execution of arbitrary code on the host.
CVE-2026-5747 is a HIGH severity out-of-bounds write vulnerability in Amazon Firecracker Virtual Machine Monitor. It allows a privileged guest user to potentially crash the VMM or execute code on the host under specific conditions.
You are affected if you are running Firecracker versions 1.13.0 through 1.15.1 on x86_64 or aarch64 architectures. Check your current version and compare it to the affected range.
Upgrade to Firecracker version 1.14.4 or later to remediate this vulnerability. This update addresses the out-of-bounds write issue and prevents potential exploitation.
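The version check described above, as an added shell example that is not part of the original advisory or the Firecracker project. It assumes the "Fixed in" values are per-branch (1.14.4 for 1.14.x, 1.15.1 for 1.15.x), that 1.13.x has no listed fix, and that releases after 1.15.x carry the fix; the function name is hypothetical.

```sh
# Added example: triage a Firecracker version string against CVE-2026-5747.
# Assumptions: "Fixed in" values are per-branch (1.14.4 for 1.14.x, 1.15.1
# for 1.15.x), 1.13.x has no listed fix, releases after 1.15.x carry the fix.

# Prints: affected | fixed | not-in-range | unknown
# Returns: 1 if affected, 2 if the version cannot be parsed, 0 otherwise.
cve_2026_5747_status() {
    # Accept "1.15.0", "v1.15.0" or a line such as "Firecracker v1.15.0".
    ver=$(printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1)
    if [ -z "$ver" ]; then
        echo unknown
        return 2
    fi
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}

    # Releases before 1.13.0 are outside the affected range on the page.
    if [ "$major" -lt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -lt 13 ]; }; then
        echo not-in-range
        return 0
    fi
    # Anything past the 1.x line is assumed to include the fix.
    if [ "$major" -gt 1 ]; then
        echo fixed
        return 0
    fi
    case "$minor" in
        13) fix_patch=-1 ;;   # no fixed 1.13.x release listed
        14) fix_patch=4 ;;
        15) fix_patch=1 ;;
        *)  echo fixed; return 0 ;;   # 1.16+ assumed fixed
    esac
    if [ "$fix_patch" -lt 0 ] || [ "$patch" -lt "$fix_patch" ]; then
        echo affected
        return 1
    fi
    echo fixed
}

# Usage on a host (reads the first line of the real --version output):
#   cve_2026_5747_status "$(firecracker --version 2>/dev/null | head -n 1)"
```

Note that 1.15.0 is reported as affected even though it is numerically later than 1.14.4, which is why the check compares against the fix for each release branch rather than a single minimum version.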
CVSS Vector