Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2026-4269
Analyzed
More InfoOfficial Page
Source-ff89ba41-3aa1-4d27-914a-91399e9639e5
View Known Exploited Vulnerability (KEV) details
Published At-16 Mar, 2026 | 18:16
Updated At-11 May, 2026 | 14:34

A missing S3 ownership verification in the Bedrock AgentCore Starter Toolkit before version v0.1.13 may allow a remote actor to inject code during the build process, leading to code execution in the AgentCore Runtime. This issue only affects users of the Bedrock AgentCore Starter Toolkit before version v0.1.13 who build or have built the Toolkit after September 24, 2025. Any users on a version >=v0.1.13, and any users on previous versions who built the toolkit before September 24, 2025 are not affected. To remediate this issue, customers should upgrade to version v0.1.13.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.05.8MEDIUM
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 4.0
Base score: 5.8
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
amazon
amazon
>>bedrock_agentcore_starter_toolkit>>Versions before 0.1.13(exclusive)
cpe:2.3:a:amazon:bedrock_agentcore_starter_toolkit:*:*:*:*:*:python:*:*
Weaknesses
CWE IDTypeSource
CWE-283Secondaryff89ba41-3aa1-4d27-914a-91399e9639e5
CWE-340Secondaryff89ba41-3aa1-4d27-914a-91399e9639e5
CWE ID: CWE-283
Type: Secondary
Source: ff89ba41-3aa1-4d27-914a-91399e9639e5
CWE ID: CWE-340
Type: Secondary
Source: ff89ba41-3aa1-4d27-914a-91399e9639e5
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://aws.amazon.com/security/security-bulletins/2026-008-AWS/ff89ba41-3aa1-4d27-914a-91399e9639e5
Vendor Advisory
https://github.com/aws/bedrock-agentcore-starter-toolkit/releases/tag/v0.1.13ff89ba41-3aa1-4d27-914a-91399e9639e5
Release Notes
Hyperlink: https://aws.amazon.com/security/security-bulletins/2026-008-AWS/
Source: ff89ba41-3aa1-4d27-914a-91399e9639e5
Resource:
Vendor Advisory
Hyperlink: https://github.com/aws/bedrock-agentcore-starter-toolkit/releases/tag/v0.1.13
Source: ff89ba41-3aa1-4d27-914a-91399e9639e5
Resource:
Release Notes
Change History
0Changes found
Details not found