5 matches found
CVE-2026-15746
CVE-2026-15746 affects strands-agents-tools’ elasticsearch_memory tool (used with Strands Agents SDK). The tool’s schema exposed connection parameters (es_url, cloud_id, api_key); if api_key is omitted, it falls back to the operator’s ELASTICSEARCH_API_KEY and may be sent to a host chosen by an L...
EUVD-2026-44762
Strands Agents is an open-source Python SDK for building and running AI agents. The strands-agents-tools package provides pre-built tools for use with the SDK, including the elasticsearchmemory tool for agent memory storage. We identified CVE-2026-15746, a server-side request forgery SSRF issue i...
Use of Incorrectly-Resolved Name or Reference
Overview strands-agents is an A model-driven approach to building AI agents in just a few lines of code Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference via dynamic tool module registration in ToolLoader. The loadtoolsfromfilepath and loadpythontoo...
nova-act (>=2.3.18.0 <=3.1.18.0) potentially affected by unknown CVE via strands-agents (=1.14.0)
strands-agents PYPI version =1.14.0 is affected by a known vulnerability. The following packages have a transitive dependency on strands-agents and may be impacted: - nova-act =2.3.18.0, =3.1.18.0 Source cves: unknown CVE Source advisory: SNYK:PYTHON-STRANDSAGENTS-14157238...
Directory Traversal
Overview strands-agents is an A model-driven approach to building AI agents in just a few lines of code Affected versions of this package are vulnerable to Directory Traversal via the FileSessionManager.getsessionpath, FileSessionManager.getagentpath, S3SessionManager.getsessionpath, and...