CVE-2026-4269: Improper S3 ownership verification in Bedrock AgentCore Starter Toolkit
An issue has been identified in the Bedrock AgentCore Starter Toolkit versions prior to v0.1.13 that may allow a remote actor to inject code during the build process, leading to code execution in the AgentCore Runtime.
References
- aws.amazon.com/security/security-bulletins/2026-008-AWS
- github.com/advisories/GHSA-xfhr-q72q-jcrj
- github.com/aws/bedrock-agentcore-starter-toolkit
- github.com/aws/bedrock-agentcore-starter-toolkit/releases/tag/v0.1.13
- github.com/aws/bedrock-agentcore-starter-toolkit/security/advisories/GHSA-xfhr-q72q-jcrj
- nvd.nist.gov/vuln/detail/CVE-2026-4269
Code Behaviors & Features
Detect and mitigate CVE-2026-4269 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →