Skip to main content

Firecracker

5 CVEs product

Monthly

CVE-2026-5747 HIGH PATCH This Week

Memory corruption in Amazon Firecracker's virtio PCI transport (versions 1.13.0-1.14.3, 1.15.0) enables guest root users to crash the host VMM process or achieve host code execution through malicious virtio queue register modifications post-device activation. Affects x86_64 and aarch64 architectures. While exploitation requires guest root privileges and high attack complexity (CVSS AC:H, PR:H), successful compromise breaches VM isolation boundaries with high impact to host confidentiality, integrity, and availability (CVSS 8.7). No public exploit identified at time of analysis; vendor-released patches available in versions 1.14.4 and 1.15.1.

Buffer Overflow RCE Firecracker
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-1386 MEDIUM This Month

Firecracker contains a vulnerability that allows attackers to a local host user with write access to the pre-created jailer directories to ove (CVSS 6.0).

Linux Firecracker Red Hat Suse
NVD GitHub
CVSS 3.1
6.0
EPSS
0.0%
CVE-2020-27174 HIGH PATCH This Week

In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Firecracker
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-16843 MEDIUM This Month

In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the network stack can freeze under heavy ingress traffic. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Firecracker
NVD GitHub
CVSS 3.1
5.9
EPSS
1.7%
CVE-2019-18960 CRITICAL Act Now

Firecracker vsock implementation buffer overflow in versions 0.18.0 and 0.19.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Firecracker
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Memory corruption in Amazon Firecracker's virtio PCI transport (versions 1.13.0-1.14.3, 1.15.0) enables guest root users to crash the host VMM process or achieve host code execution through malicious virtio queue register modifications post-device activation. Affects x86_64 and aarch64 architectures. While exploitation requires guest root privileges and high attack complexity (CVSS AC:H, PR:H), successful compromise breaches VM isolation boundaries with high impact to host confidentiality, integrity, and availability (CVSS 8.7). No public exploit identified at time of analysis; vendor-released patches available in versions 1.14.4 and 1.15.1.

Buffer Overflow RCE Firecracker
NVD GitHub VulDB
EPSS 0% CVSS 6.0
MEDIUM This Month

Firecracker contains a vulnerability that allows attackers to a local host user with write access to the pre-created jailer directories to ove (CVSS 6.0).

Linux Firecracker Red Hat +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Firecracker
NVD GitHub
EPSS 2% CVSS 5.9
MEDIUM This Month

In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the network stack can freeze under heavy ingress traffic. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Firecracker
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL Act Now

Firecracker vsock implementation buffer overflow in versions 0.18.0 and 0.19.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Firecracker
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy