CVE-2026-12530: Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages()

June 19, 2026

The AWS Bedrock AgentCore Python SDK (bedrock-agentcore) is an open-source SDK that enables developers to build, deploy, and manage agents on AWS Bedrock AgentCore. An issue exists in the install_packages() method of the Code Interpreter client where crafted package name arguments can bypass input validation and allow a remote authenticated user to execute arbitrary commands within the Code Interpreter sandbox.

References

aws.amazon.com/security/security-bulletins/2026-044-aws
github.com/advisories/GHSA-6rfw-mq36-jm8h
github.com/aws/bedrock-agentcore-sdk-python/security/advisories/GHSA-6rfw-mq36-jm8h
nvd.nist.gov/vuln/detail/CVE-2026-12530
pypi.org/project/bedrock-agentcore/1.6.1

Code Behaviors & Features

Detect and mitigate CVE-2026-12530 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →