Code injection via improper triple-quote escaping in AgentCore CLI Bedrock Agent import
Summary
| CVE | CVE-2026-11393 |
|---|---|
| State | PUBLISHED |
| Assigner | AMZN |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-06-08 19:16:41 UTC |
| Updated | 2026-06-09 13:34:28 UTC |
| Description | Improper neutralization of triple-quote characters during Python code generation in AgentCore CLI before v0.14.2 might allow an authenticated remote threat actor to execute arbitrary code on AWS AgentCore Runtime under the imported agent's IAM execution role and on the local environment of another user in the same AWS account, via a crafted collaborationInstruction stored on a Bedrock Agent collaborator and later processed by that other user during agent import. To remediate this issue, users should upgrade to version 0.14.2. |
Risk And Classification
Primary CVSS: v4.0 8.8 HIGH from ff89ba41-3aa1-4d27-914a-91399e9639e5
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.003400000 probability, percentile 0.256010000 (date 2026-06-15)
Problem Types: CWE-94 | CWE-94 CWE-94: Improper Control of Generation of Code ('Code Injection')
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 4.0 | ff89ba41-3aa1-4d27-914a-91399e9639e5 | Secondary | 8.8 | HIGH | CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/C... |
| 4.0 | CNA | CVSS | 8.8 | HIGH | CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |
| 3.1 | ff89ba41-3aa1-4d27-914a-91399e9639e5 | Secondary | 9 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H |
| 3.1 | CNA | CVSS | 9 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H |
CVSS v4.0 Breakdown
Attack Vector
NetworkAttack Complexity
LowAttack Requirements
PresentPrivileges Required
LowUser Interaction
ActiveConfidentiality
HighIntegrity
HighAvailability
HighSub Conf.
HighSub Integrity
HighSub Availability
HighCVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
LowUser Interaction
RequiredScope
ChangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | AWS | AgentCore CLI | affected 0.4.0 0.14.1 custom | Not specified |
| CNA | AWS | AgentCore CLI | affected 0.3.0-preview.7.0 1.0.0-preview.8 custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.npmjs.com/package/@aws/agentcore/v/1.0.0-preview.9 | ff89ba41-3aa1-4d27-914a-91399e9639e5 | www.npmjs.com | |
| github.com/aws/agentcore-cli/releases/tag/v0.14.2 | ff89ba41-3aa1-4d27-914a-91399e9639e5 | github.com | |
| www.npmjs.com/package/@aws/agentcore/v/0.14.2 | ff89ba41-3aa1-4d27-914a-91399e9639e5 | www.npmjs.com | |
| github.com/aws/agentcore-cli/security/advisories/GHSA-m4x6-gwgp-4pm7 | ff89ba41-3aa1-4d27-914a-91399e9639e5 | github.com | |
| aws.amazon.com/security/security-bulletins/2026-040-aws | ff89ba41-3aa1-4d27-914a-91399e9639e5 | aws.amazon.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.