CVE-2026-4269
Code Injection via Missing S3 Ownership Check in Bedrock AgentCore
Publication date: 2026-03-16
Last updated on: 2026-03-16
Assigner: AMZN
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| bedrock | agentcore_starter_toolkit | up to 0.1.13 (exclusive) |
| aws | bedrock_agentcore_starter_toolkit | up to 0.1.13 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-340 | The product uses a scheme that generates numbers or identifiers that are more predictable than required. |
| CWE-283 | The product does not properly verify that a critical resource is owned by the proper entity. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-4269 is a vulnerability in the Bedrock AgentCore Starter Toolkit versions before v0.1.13 caused by missing S3 ownership verification. This flaw allows a remote attacker to inject malicious code during the build process of the toolkit. As a result, the attacker can execute arbitrary code within the AgentCore Runtime environment.
This issue only affects users who built the toolkit after September 24, 2025, on versions prior to v0.1.13. Users on version v0.1.13 or later, or those who built earlier versions before that date, are not affected.
How can this vulnerability impact me?
The vulnerability can allow a remote attacker to inject and execute arbitrary code in the AgentCore Runtime. This could lead to unauthorized actions being performed within the runtime environment, potentially compromising the security and integrity of systems using the affected toolkit.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade the Bedrock AgentCore Starter Toolkit to version v0.1.13 or later.
This upgrade ensures proper S3 ownership verification and prevents remote code injection during the build process.
Users who have built the toolkit after September 24, 2025 on versions prior to v0.1.13 are affected and should upgrade immediately.
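One way a build pipeline can enforce the S3 ownership verification described above, shown as an added example that is not the toolkit's own code or the vendor's fix. It relies on the S3 API's `ExpectedBucketOwner` parameter; the function names, the `FakeS3` stand-in, the bucket names and the account IDs are assumptions constructed for illustration.

```python
class BucketOwnershipError(Exception):
    """The bucket could not be verified as owned by the expected AWS account."""


def verify_bucket_owner(s3, bucket, expected_owner):
    """Raise BucketOwnershipError unless `bucket` is owned by `expected_owner`.

    `s3` is a boto3 S3 client. S3 answers 403 when ExpectedBucketOwner does
    not match the owning account; any 403 is treated as a failure (fail closed).
    """
    try:
        s3.head_bucket(Bucket=bucket, ExpectedBucketOwner=expected_owner)
    except Exception as exc:  # botocore's ClientError carries a .response dict
        code = getattr(exc, "response", {}).get("Error", {}).get("Code")
        if code in ("403", "AccessDenied"):
            raise BucketOwnershipError(
                f"{bucket} is not verifiably owned by {expected_owner}") from exc
        raise
    return True


def upload_build_source(s3, bucket, key, body, expected_owner):
    """Upload a build input only into a bucket owned by our own account."""
    verify_bucket_owner(s3, bucket, expected_owner)
    # Repeat the condition on the write itself to close the check-then-use gap.
    s3.put_object(Bucket=bucket, Key=key, Body=body,
                  ExpectedBucketOwner=expected_owner)
    return True


class FakeS3:
    """Constructed stand-in for a boto3 client so the example runs offline."""

    def __init__(self, owners):
        self.owners, self.objects = owners, {}

    def _check(self, bucket, expected_owner):
        if self.owners.get(bucket) != expected_owner:
            err = Exception("Forbidden")
            err.response = {"Error": {"Code": "403"}}
            raise err

    def head_bucket(self, Bucket, ExpectedBucketOwner):
        self._check(Bucket, ExpectedBucketOwner)

    def put_object(self, Bucket, Key, Body, ExpectedBucketOwner):
        self._check(Bucket, ExpectedBucketOwner)
        self.objects[(Bucket, Key)] = Body
```

With a real client, the expected owner would come from `boto3.client("sts").get_caller_identity()["Account"]` rather than from configuration that could be influenced from outside the account.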