CVE-2026-4269— Improper S3 ownership verification in Bedrock AgentCore Starter Toolkit
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-4269
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper S3 ownership verification in Bedrock AgentCore Starter Toolkit
Source: NVD (National Vulnerability Database)
Vulnerability Description
A missing S3 ownership verification in the Bedrock AgentCore Starter Toolkit before version v0.1.13 may allow a remote actor to inject code during the build process, leading to code execution in the AgentCore Runtime. This issue only affects users of the Bedrock AgentCore Starter Toolkit before version v0.1.13 who build or have built the Toolkit after September 24, 2025. Any users on a version >=v0.1.13, and any users on previous versions who built the toolkit before September 24, 2025 are not affected. To remediate this issue, customers should upgrade to version v0.1.13.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
可预测问题
Source: NVD (National Vulnerability Database)
Vulnerability Title
Bedrock AgentCore Starter Toolkit 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Bedrock AgentCore Starter Toolkit是Amazon Web Services开源的一个AI智能体开发与部署工具包。 Bedrock AgentCore Starter Toolkit v0.1.13之前版本存在安全漏洞,该漏洞源于缺少S3所有权验证,可能导致远程攻击者在构建过程中注入代码,进而在AgentCore Runtime中执行代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| AWS | Bedrock AgentCore Starter Toolkit | 0.1.0 ~ 0.1.13 | - |
II. Public POCs for CVE-2026-4269
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-4269
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same vendor: AWS
- CVE-2026-7461
OS Command Injection in Amazon ECS Agent via FSx Windows Fil - CVE-2026-7426
Out-of-Bounds Write via Unsanitized Prefix Length in Router - CVE-2026-7425
Out-of-Bounds Read in Router Advertisement Option Parser in - CVE-2026-7424
Integer Underflow in DHCPv6 Sub-Option Parser in FreeRTOS-Pl - CVE-2026-7423
Integer Underflow in ICMP Echo Reply Processing in FreeRTOS-
Same weakness: CWE-340
- CVE-2026-5084
WebDyne::Session versions through 2.075 for Perl generates t - CVE-2026-5081
Apache::Session::Generate::ModUniqueId versions from 1.54 th - CVE-2026-5080
Dancer::Session::Abstract versions through 1.3522 for Perl g - CVE-2026-5085
Solstice::Session versions through 1440 for Perl generates s - CVE-2026-5083
Ado::Sessions versions through 0.935 for Perl generates inse
V. Comments for CVE-2026-4269
No comments yet