CVE-2026-4269
March 16, 2026
A missing S3 ownership verification in the Bedrock AgentCore Starter Toolkit before version v0.1.13 may allow a remote actor to inject code during the build process, leading to code execution in the AgentCore Runtime. This issue only affects users of the Bedrock AgentCore Starter Toolkit before version v0.1.13 who build or have built the Toolkit after September 24, 2025. Any users on a version >=v0.1.13, and any users on previous versions who built the toolkit before September 24, 2025 are not affected.
To remediate this issue, customers should upgrade to version v0.1.13.
Affected Packages
https://github.com/aws/bedrock-agentcore-starter-toolkit.git (GITHUB):
Affected version(s) >=v0.1.0 <v0.1.13Fix Suggestion:
Update to version v0.1.13bedrock-agentcore-starter-toolkit (PYTHON):
Affected version(s) >=0.0.1 <0.1.13Fix Suggestion:
Update to version 0.1.13Related Resources (6)
Do you need more information?
Contact UsCVSS v4
Base Score:
5.8
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
PASSIVE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
HIGH
Subsequent System Integrity
HIGH
Subsequent System Availability
HIGH
CVSS v3
Base Score:
7.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
EPSS
Base Score:
0.05
