{"data":{"id":"6eeab884-f663-4ffe-a5b4-357551d404a8","title":"CVE-2026-11393 - Code Injection via Improper Triple-Quote Escaping in AgentCore CLI Bedrock Agent Import","summary":"```json\n{\n  \"summary\": \"A vulnerability (CVE-2026-11393) exists in AWS AgentCore CLI, a tool for managing AI agents on Amazon Bedrock. An attacker with certain permissions could inject malicious Python code by exploiting improper escaping of triple-quote characters (\"\"\") in a specific field, allowing the attacker's code to run if the generated file is executed. The vulnerability affects versions 0.4.0 through 0.14.1 and certain preview versions.\",\n  \"solution\": \"N/A -- no mitigation discussed in","solution":"N/A — no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://aws.amazon.com/security/security-bulletins/rss/2026-040-aws/","publishedAt":"2026-06-08T18:54:30.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Amazon"],"affectedVendorsRaw":["AWS","Amazon Bedrock","AgentCore"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-06-08T18:54:30.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}