9 matches found
CVE-2026-11393
Affected software: AgentCore CLI (v0.14.2 fix). Vulnerable path: Python code generation in AgentCore CLI before v0.14.2. Root cause: improper neutralization of triple-quote characters during code generation, enabling an authenticated remote actor to run arbitrary code. Impact: potential execution...
EUVD-2026-35187
Improper neutralization of triple-quote characters during Python code generation in AgentCore CLI before v0.14.2 might allow an authenticated remote threat actor to execute arbitrary code on AWS AgentCore Runtime under the imported agent's IAM execution role and on the local environment of anothe...
CVE-2026-11393 Code injection via improper triple-quote escaping in AgentCore CLI Bedrock Agent import
Improper neutralization of triple-quote characters during Python code generation in AgentCore CLI before v0.14.2 might allow an authenticated remote threat actor to execute arbitrary code on AWS AgentCore Runtime under the imported agent's IAM execution role and on the local environment of anothe...
CVE-2026-11393
Improper neutralization of triple-quote characters during Python code generation in AgentCore CLI before v0.14.2 might allow an authenticated remote threat actor to execute arbitrary code on AWS AgentCore Runtime under the imported agent's IAM execution role and on the local environment of anothe...
CVE-2026-11393 Code injection via improper triple-quote escaping in AgentCore CLI Bedrock Agent import
Improper neutralization of triple-quote characters during Python code generation in AgentCore CLI before v0.14.2 might allow an authenticated remote threat actor to execute arbitrary code on AWS AgentCore Runtime under the imported agent's IAM execution role and on the local environment of anothe...
PT-2026-47432
Name of the Vulnerable Software and Affected Versions AgentCore CLI versions prior to 0.14.2 Description Improper neutralization of triple-quote characters during Python code generation allows an authenticated remote actor to execute arbitrary code. This occurs when a crafted...
AgentCore CLI 代码注入漏洞
AgentCore CLI is an open-source AI agent development and deployment command-line tool developed by Amazon Web Services. Versions of AgentCore CLI prior to 0.14.2 contained a code injection vulnerability. This vulnerability stemmed from improper use of triple quotes in Python code generation. It...
Uncaught Exception
Overview Affected versions of this package are vulnerable to Uncaught Exception via the eventstream decoder process. An attacker can cause the host process to terminate unexpectedly by sending a crafted EventStream response frame containing a header value type byte outside the valid range...
AWS VDP: Non-Production API Endpoints for the bedrock-agent Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration
The non-production API endpoints for the bedrock-agent service failed to log to CloudTrail, resulting in silent permission enumeration. A total of 26 non-production endpoints were found that could be used with standard IAM credentials without generating CloudTrail logs. This vulnerability was...