{"data":{"id":"76a01b7c-2569-4719-89d2-e4b8dd746600","title":"CVE-2026-4269 - Improper S3 ownership verification in Bedrock AgentCore Starter Toolkit","summary":"The Bedrock AgentCore Starter Toolkit (a tool for building AI agents on AWS) before version v0.1.13 has a vulnerability where it doesn't properly verify S3 ownership (S3 is AWS's cloud storage service). This missing check could allow an attacker to inject malicious code during the build process (when the software is being compiled), potentially leading to code execution in the running application. The vulnerability only affects users who built the toolkit after September 24, 2025.","solution":"Update to Bedrock AgentCore Starter Toolkit version v0.1.13 or later.","labels":["security"],"sourceUrl":"https://aws.amazon.com/security/security-bulletins/rss/2026-008-aws/","publishedAt":"2026-03-16T18:59:47.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Amazon"],"affectedVendorsRaw":["AWS","Bedrock","Bedrock AgentCore Starter Toolkit"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-03-16T18:59:47.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}