AWS has identified a critical vulnerability, CVE-2026-5190, in the AWS Common Runtime library's event-stream decoder component. This flaw could enable a malicious server to trigger memory corruption and arbitrary code execution on client applications processing specially crafted event-stream messages. The vulnerability affects versions of aws-c-event-stream prior to 0.6.0, as well as several higher-level AWS SDKs that expose event-stream functionality. Users are urged to update to the specified patched versions of the impacted libraries as soon as possible to mitigate this risk. Refer to the official AWS article for comprehensive and current details on this security bulletin.