CVE-2026-4269
Improper S3 ownership verification in Bedrock AgentCore Starter Toolkit
CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
0th
A missing S3 ownership verification in the Bedrock AgentCore Starter Toolkit before version v0.1.13 may allow a remote actor to inject code during the build process, leading to code execution in the AgentCore Runtime. This issue only affects users of the Bedrock AgentCore Starter Toolkit before version v0.1.13 who build or have built the Toolkit after September 24, 2025. Any users on a version >=v0.1.13, and any users on previous versions who built the toolkit before September 24, 2025 are not affected. To remediate this issue, customers should upgrade to version v0.1.13.
| CWE | CWE-340 CWE-283 |
| Vendor | aws |
| Product | bedrock agentcore starter toolkit |
| Published | Mar 16, 2026 |
| Last Updated | Mar 16, 2026 |
Stay Ahead of the Next One
Get instant alerts for aws bedrock agentcore starter toolkit
Be the first to know when new high vulnerabilities affecting aws bedrock agentcore starter toolkit are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
AWS / Bedrock AgentCore Starter Toolkit
0.1.0 < 0.1.13