CVE-2026-4269 - Improper S3 ownership verification in Bedrock AgentCore Starter Toolkit
Bulletin ID: 2026-008-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/03/16 11:15 AM PDT Description: A missing S3 ownership verification in the Bedrock AgentCore Starter Toolkit before version v0.1.13 may allow a remote actor to inject code during the build process, leading to code execution in the AgentCore Runtime. Impacted versions: All versions of Bedrock AgentCore Starter Toolkit versions before v0.1.13. This issue only affects users of the Bedrock AgentCore Starter Toolkit before version v0.1.13 who build the Toolkit after September 24, 2025. Any users on a version >=v0.1.13, and any users on previous versions who built the toolkit before September 24, 2025 are not affected. Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.
CSIRTS triage
- What
- Missing S3 ownership verification may allow a remote actor to inject code during the build process.
- Who is affected
- Users of Bedrock AgentCore Starter Toolkit versions before v0.1.13 who build the Toolkit after September 24, 2025.
- Urgency
- Remediation is critical to prevent code injection during the build process.
- Action
- Upgrade to Bedrock AgentCore Starter Toolkit version v0.1.13 or later.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch Bedrock AgentCore Starter Toolkit
Get an email when a new Bedrock AgentCore Starter Toolkit advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://aws.amazon.com/security/security-bulletins/rss/2026-008-aws/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-42690.24% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 15% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-4269 | coverage & exploitation status | NVD · CVE.org |
Recent advisories for - Improper S3
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- unknownCVE-2026-55881: OpenReplay is a self-hosted session replay suite. From 1.22.0 before 1.27.0, getFirstMob retur…nvd · 2026-07-10
- mediumCVE-2026-46413: Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 20…nvd · 2026-07-09
- mediumCVE-2026-55542: Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, Snipe-IT S3 signatu…nvd · 2026-07-08
- highCVE-2026-55874: SeaweedFS is a distributed storage system. Prior to 4.34, the S3 API gateway does not reject d…nvd · 2026-07-08
- highCVE-2026-55418: FastGPT is an open source AI knowledge base platform. Prior to v4.15.0-beta5, two FastGPT file…nvd · 2026-07-07
- mediumCVE-2026-42147: Coolify is an open-source and self-hostable tool for managing servers, applications, and datab…nvd · 2026-07-07
More from AWS Security Bulletins
- unknownCVE-2026-14904 - Improper Link Resolution in Auth.GetUserPrivateKey in AWS Research and Engineering Studio2026-07-07
- unknownCVE-2026-14471 - Authenticated SQL injection in the metrics-service retention policy subsystem of mcp-gateway-…2026-07-06
- unknownCVE-2026-14265- Deserialization of Untrusted Data in AWS Advanced JDBC Wrapper RemoteQueryCachePlugin2026-07-01
- unknownCVE-2026-13760 - OS Command Injection in NodejsFunction Docker Bundling in aws-cdk-lib2026-07-01
- unknownCVE-2026-13769 – Insecure file permissions in AWS CLI2026-07-01