Skip to main content

Bedrock Agentcore Starter Toolkit

1 CVEs product

Monthly

CVE-2026-4269 PyPI MEDIUM PATCH This Month

Remote code execution in Bedrock AgentCore Starter Toolkit versions before v0.1.13 allows unauthenticated attackers to inject malicious code during the build process by exploiting missing S3 ownership verification, affecting only users who built the toolkit after September 24, 2025. An attacker can achieve arbitrary code execution within the AgentCore Runtime environment. Users must upgrade to version v0.1.13 to remediate this vulnerability, as no patch is currently available for earlier versions.

RCE Bedrock Agentcore Starter Toolkit
NVD GitHub VulDB
CVSS 4.0
5.8
EPSS
0.0%
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

Remote code execution in Bedrock AgentCore Starter Toolkit versions before v0.1.13 allows unauthenticated attackers to inject malicious code during the build process by exploiting missing S3 ownership verification, affecting only users who built the toolkit after September 24, 2025. An attacker can achieve arbitrary code execution within the AgentCore Runtime environment. Users must upgrade to version v0.1.13 to remediate this vulnerability, as no patch is currently available for earlier versions.

RCE Bedrock Agentcore Starter Toolkit
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy