MEDIUM
Amazon
CVE published 2026-03-16
CVE-2026-4269
CVE-2026-4269 is a build-time code injection issue in the AWS Bedrock AgentCore Starter Toolkit. According to the vendor and NVD, a missing S3 ownership verification before v0.1.13 can let a remote actor inject code during the build process, which may then lead to code execution in the AgentCore Runtime. The issue is limited to users of toolkit versions earlier than v0.1.13 who built, or still have build [truncated]