CVE-2026-4269 in AWS Bedrock AgentCore Starter Toolkitinformação

Sumário

de MITRE • 16/03/2026

A missing S3 ownership verification in the Bedrock AgentCore Starter Toolkit before version v0.1.13 may allow a remote actor to inject code during the build process, leading to code execution in the AgentCore Runtime. This issue only affects users of the Bedrock AgentCore Starter Toolkit before version v0.1.13 who build or have built the Toolkit after September 24, 2025. Any users on a version >=v0.1.13, and any users on previous versions who built the toolkit before September 24, 2025 are not affected.

To remediate this issue, customers should upgrade to version v0.1.13.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

AMZN

Reservar

16/03/2026

Divulgação

16/03/2026

Moderação

aceite

Entrada

VDB-351308

CPE

pronto

CWE

CWE-340 (confirmado)

CVSS

7.5 (CNA)

EPSS

0.00068

KEV

não

Atividades

muito baixo

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-4269
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-4269
CVE Details	https://www.cvedetails.com/cve/CVE-2026-4269/

◂ Voltar Visão Geral Próximo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!