Improper S3 ownership verification in Bedrock AgentCore Starter Toolkit
Summary
| CVE | CVE-2026-4269 |
|---|---|
| State | PUBLISHED |
| Assigner | AMZN |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-03-16 18:16:11 UTC |
| Updated | 2026-05-11 14:34:12 UTC |
| Description | A missing S3 ownership verification in the Bedrock AgentCore Starter Toolkit before version v0.1.13 may allow a remote actor to inject code during the build process, leading to code execution in the AgentCore Runtime. This issue only affects users of the Bedrock AgentCore Starter Toolkit before version v0.1.13 who build or have built the Toolkit after September 24, 2025. Any users on a version >=v0.1.13, and any users on previous versions who built the toolkit before September 24, 2025 are not affected. To remediate this issue, customers should upgrade to version v0.1.13. |
Risk And Classification
Primary CVSS: v4.0 5.8 MEDIUM from ff89ba41-3aa1-4d27-914a-91399e9639e5
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.000590000 probability, percentile 0.183640000 (date 2026-05-12)
Problem Types: CWE-283 Unverified Ownership | CWE-340 Generation of Predictable Numbers or Identifiers
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 4.0 | ff89ba41-3aa1-4d27-914a-91399e9639e5 | Secondary | 5.8 | MEDIUM | CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/C... |
| 4.0 | CNA | CVSS | 5.8 | MEDIUM | CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H |
| 3.1 | ff89ba41-3aa1-4d27-914a-91399e9639e5 | Secondary | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| 3.1 | CNA | CVSS | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVSS v4.0 Breakdown
| Metric | Value |
|---|---|
| Attack Vector | Network |
| Attack Complexity | High |
| Attack Requirements | None |
| Privileges Required | None |
| User Interaction | Passive |
| Confidentiality | None |
| Integrity | None |
| Availability | None |
| Sub Conf. | High |
| Sub Integrity | High |
| Sub Availability | High |
| Vector | CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
CVSS v3.1 Breakdown
| Metric | Value |
|---|---|
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | None |
| User Interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity | High |
| Availability | High |
| Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Amazon | Bedrock Agentcore Starter Toolkit | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | AWS | Bedrock AgentCore Starter Toolkit | affected from 0.1.0 before 0.1.13 (version type: custom) | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| aws.amazon.com/security/security-bulletins/2026-008-AWS | ff89ba41-3aa1-4d27-914a-91399e9639e5 | aws.amazon.com | Vendor Advisory |
| github.com/aws/bedrock-agentcore-starter-toolkit/releases/tag/v0.1.13 | ff89ba41-3aa1-4d27-914a-91399e9639e5 | github.com | Release Notes |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.