Threat Advisory

Improper S3 ownership verification in Bedrock AgentCore Starter Toolkit

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: Medium

EXECUTIVE SUMMARY:

CVE-2026-4269 affects the bedrock-agentcore-starter-toolkit package (pip) in all versions prior to 0.1.13. The toolkit performs improper S3 ownership verification during the build process, and this weakness can be exploited. The vulnerability is assigned a CVSS v4 score of 5.8 (Moderate severity). It allows a remote attacker to inject malicious code into the build pipeline, which can subsequently be executed within the AgentCore Runtime environment. The root cause is insufficient validation of resource ownership, which enables unauthorized manipulation of build artifacts. Successful exploitation could result in execution of attacker-controlled code and compromise of the runtime environment, ultimately impacting the confidentiality, integrity, and availability of the affected system. The vulnerability primarily affects users who build and deploy with vulnerable versions of the toolkit, exposing them to supply-chain style risks during deployment.
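The control whose absence this advisory describes is an ownership check on the S3 bucket that receives build artifacts. The following is an added illustration of that check, not code from the toolkit or from the fix; it assumes a boto3-style S3 client and uses the real ExpectedBucketOwner request parameter, with a constructed FakeS3 class standing in for boto3.client("s3") so it runs offline.

```python
# Added example, not the toolkit's code: pin every S3 call used for build
# artifacts to the account that should own the bucket.  S3 rejects a request
# whose ExpectedBucketOwner does not match the bucket's owner with HTTP 403,
# so a bucket someone else created under the expected name is never read
# from or written to.  FakeS3 is a constructed stand-in for boto3.client("s3").

class BucketOwnershipError(RuntimeError):
    """The bucket exists but is owned by a different AWS account."""

def verify_bucket_owner(s3, bucket, expected_owner):
    """Return True only if `bucket` is owned by account `expected_owner`."""
    try:
        s3.head_bucket(Bucket=bucket, ExpectedBucketOwner=expected_owner)
    except Exception as exc:
        # botocore ClientError keeps the code in exc.response; HEAD responses
        # have no body, so head_bucket reports "403" rather than "AccessDenied".
        code = str(getattr(exc, "response", {}).get("Error", {}).get("Code", ""))
        if code in ("403", "AccessDenied"):
            raise BucketOwnershipError(
                f"{bucket!r} is not owned by account {expected_owner}") from exc
        raise  # a missing bucket (404) or any other error propagates unchanged
    return True

def upload_artifact(s3, bucket, key, data, expected_owner):
    """Upload one build artifact only after the ownership check passes."""
    verify_bucket_owner(s3, bucket, expected_owner)
    s3.put_object(Bucket=bucket, Key=key, Body=data,
                  ExpectedBucketOwner=expected_owner)  # same guard on the write
    return f"s3://{bucket}/{key}"

class _FakeClientError(Exception):
    def __init__(self, code):
        super().__init__(code)
        self.response = {"Error": {"Code": code}}

class FakeS3:
    """Constructed stand-in: `owners` maps bucket name -> owning account ID."""
    def __init__(self, owners):
        self.owners, self.objects = owners, {}

    def head_bucket(self, Bucket, ExpectedBucketOwner=None):
        if Bucket not in self.owners:
            raise _FakeClientError("404")
        if ExpectedBucketOwner and self.owners[Bucket] != ExpectedBucketOwner:
            raise _FakeClientError("403")
        return {}

    def put_object(self, Bucket, Key, Body, ExpectedBucketOwner=None):
        self.head_bucket(Bucket, ExpectedBucketOwner)
        self.objects[(Bucket, Key)] = Body
```

With a real boto3 client the same two functions apply unchanged; the account ID passed as expected_owner should come from the deploying identity (for example sts get-caller-identity), never from the bucket name.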

RECOMMENDATION:

We strongly recommend that you update bedrock-agentcore-starter-toolkit to version 0.1.13 or later.

REFERENCES:

The following advisory contains further technical details:

https://github.com/advisories/GHSA-xfhr-q72q-jcrj