CVE-2026-5747 – AWS Firecracker
CVSS 7.5
IMPORTANT
“A weakness in virtualization layers can quietly break isolation and expose everything above it.”
AWS has released a security patch for CVE-2026-5747 affecting Firecracker, its lightweight virtualization technology used to run microVMs. This vulnerability impacts isolation controls between virtualized workloads and could allow attackers to interfere with or escape intended boundaries, posing a risk to multi-tenant environments. The CVSS score is 7.5, which is High severity.
There is no verified evidence of real-world exploitation or publicly available proof-of-concept code. However, due to Firecracker’s role in cloud infrastructure and serverless environments, this issue represents a meaningful risk to workload security and tenant isolation.
Key Details
- Attack Vector
- Local
- Attack Complexity
- High
- Privileges Required
- High
- User Interaction
- None
- CWE Classification
- CWE-369
Patch this CVE on all your endpoints in under 5 minutes.
First 200 endpoints are free forever, scale as needed.