PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-15737 AWS CVE debrief

The AWS Bedrock AgentCore Python SDK, an open-source library for building AI agents on Amazon Bedrock AgentCore, had a vulnerability in versions 1.4.8 and 1.5.0. The OpenTelemetry instrumentation unintentionally logged sensitive user content, including raw user prompts and complete agent responses, without filtering or masking. These logs were written to span attributes and flowed into the customer's aws/spans CloudWatch log group. This exposure could allow a local authenticated user with access to CloudWatch Logs to access sensitive data.

Vendor
AWS
Product
bedrock-agentcore
CVSS
MEDIUM 5.7
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-16
Original CVE updated
2026-07-16
Advisory published
2026-07-16
Advisory updated
2026-07-16

Who should care

Users of AWS Bedrock AgentCore Python SDK versions 1.4.8 and 1.5.0 should be concerned as their sensitive data may have been exposed in CloudWatch Logs. System administrators and security teams responsible for monitoring and managing access to CloudWatch Logs are particularly affected.

Technical summary

The AWS Bedrock AgentCore Python SDK versions 1.4.8 and 1.5.0 had a vulnerability where OpenTelemetry instrumentation logged sensitive user content, including raw user prompts and agent responses, without proper filtering or masking. This sensitive data was written to span attributes and stored in the aws/spans CloudWatch log group, potentially exposing it to local authenticated users with access to these logs.

Defensive priority

Medium priority due to the potential for sensitive data exposure to local authenticated users with access to CloudWatch Logs.

Recommended defensive actions

  • Upgrade to version 1.5.1 or later of the AWS Bedrock AgentCore Python SDK.
  • Review and purge sensitive content from aws/spans CloudWatch log groups for users who ran affected versions.
  • Monitor CloudWatch Logs for sensitive content exposure.
  • Restrict access to CloudWatch Logs to only necessary personnel.
  • Implement additional logging and monitoring to detect potential misuse.

Evidence notes

The CVE record and NVD detail provide information on the vulnerability. The AWS security bulletin and GitHub advisory offer additional context and mitigation strategies. The PyPI page for version 1.5.1 confirms the fix.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-16T18:16:42.537Z and has not been modified since then. The NVD entry is currently Received.