CVE-2026-12043: AWS SDK HTTP/2 RCE Vulnerability
🔴 Critical | Source: AWS Security Bulletins A heap double-free vulnerability (CVE-2026-12043) has been identified in the AWS Common Runtime HTTP client library, affecting a wide range of AWS SDK versions for C++ and Java v2. A malicious server could exploit this by sending crafted HTTP/2 HEADERS frames to trigger memory corruption on a connecting client, potentially achieving arbitrary code execution. The vulnerability affects aws-c-http versions 0.4.22 through 0.10.15 and is exposed in widely used SDK releases. ...