PatchSiren

CVE-2026-11393 AWS CVE debrief

CVE-2026-11393 is a HIGH severity vulnerability with a CVSS score of 8.8. The vulnerability is due to improper neutralization of triple-quote characters during Python code generation in AgentCore CLI before v0.14.2. This could allow an authenticated remote threat actor to execute arbitrary code on AWS AgentCore Runtime under the imported agent's IAM execution role and on the local environment of another user in the same AWS account, via a crafted collaborationInstruction stored on a Bedrock Agent collaborator and later processed by that other user during agent import.

Vendor: AWS
Product: AgentCore CLI
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-08
Original CVE updated: 2026-06-09
Advisory published: 2026-06-08
Advisory updated: 2026-06-09

Who should care

Users of AgentCore CLI before version 0.14.2, especially those using AWS AgentCore Runtime and Bedrock Agent.

Technical summary

The vulnerability arises from the lack of proper neutralization of triple-quote characters during Python code generation. This oversight could be exploited by an authenticated attacker to inject and execute arbitrary code.

Defensive priority

HIGH

Recommended defensive actions

  • Upgrade to AgentCore CLI version 0.14.2 or later.
  • Review and monitor collaborationInstructions stored on Bedrock Agent collaborators.
  • Ensure proper IAM execution role configurations for imported agents.
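
The injection class described in the technical summary, together with the review step recommended above, shown as an added example; this is not AgentCore CLI code and does not come from the advisory. The render functions, the INSTRUCTION variable name and the collaborator names are hypothetical, and the sample instructions are constructed.

```python
import ast

def render_naive(instruction: str) -> str:
    # Weak pattern: untrusted text pasted between triple quotes.
    return 'INSTRUCTION = """' + instruction + '"""\n'

def render_safe(instruction: str) -> str:
    # Hardened pattern: repr() emits a fully escaped string literal.
    return "INSTRUCTION = " + repr(instruction) + "\n"

def is_single_string_assignment(source: str, expected: str) -> bool:
    # Post-generation check: the module must be exactly one assignment
    # whose value is a string constant equal to the original text.
    try:
        tree = ast.parse(source)
    except SyntaxError:
        return False
    if len(tree.body) != 1 or not isinstance(tree.body[0], ast.Assign):
        return False
    value = tree.body[0].value
    return isinstance(value, ast.Constant) and value.value == expected

def flag_for_review(collaborators: dict) -> list:
    # Names of collaborators whose stored instruction contains a
    # triple-quote sequence, sorted for stable output.
    return sorted(
        name for name, text in collaborators.items()
        if '"""' in text or "'''" in text
    )

# Constructed sample data, not taken from any real agent.
BENIGN = "Route billing questions to the billing collaborator."
SUSPECT = 'Be helpful."""\nMARKER = 1\nPAD = """'
COLLABORATORS = {"collab-a": BENIGN, "collab-b": SUSPECT}

if __name__ == "__main__":
    for name, text in COLLABORATORS.items():
        print(name,
              "naive ok:", is_single_string_assignment(render_naive(text), text),
              "safe ok:", is_single_string_assignment(render_safe(text), text))
    print("review:", flag_for_review(COLLABORATORS))
```

With the naive template the constructed SUSPECT text parses as three statements instead of one, so the structural check fails; with repr() the same text stays a single string constant.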

Evidence notes

Vendor: Unknown Vendor (candidate: Amazon).

Official resources

CVE-2026-11393 was published on 2026-06-08T19:16:41.270Z and modified on 2026-06-09T13:34:28.547Z.