CVE-2026-12530 - Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages()
Summary
A vulnerability (CVE-2026-12530) was found in the install_packages() method of the AWS Bedrock AgentCore Python SDK. The method failed to properly block dangerous characters in package names before passing them into shell commands. This allowed attackers to use flags like '--index-url' to redirect package downloads to fake servers, or '-r' to read files from the sandbox system. Versions 1.1.3 through 1.6.0 are affected.
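The kind of input check this class of bug calls for, as an added example (not the SDK's code and not AWS's fix): package strings are matched against a strict requirement pattern and placed in an argv list, so a string can never be read as an option. The names build_pip_argv, UnsafePackageSpec and classify are hypothetical, and the sample inputs are constructed.

```python
import re
import sys

# Project name, optional extras, optional single version clause. Anything else
# (options, URLs, paths, whitespace, shell metacharacters) is rejected.
_NAME = r"[A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?"
_EXTRAS = rf"(?:\[{_NAME}(?:,{_NAME})*\])?"
_VERSION = r"(?:(?:==|>=|<=|~=|!=|<|>)[A-Za-z0-9.*+!]+)?"
_REQUIREMENT = re.compile(rf"{_NAME}{_EXTRAS}{_VERSION}")


class UnsafePackageSpec(ValueError):
    """Raised when a requested package string is not a plain requirement."""


def build_pip_argv(packages):
    """Return an argv list for `pip install`, or raise UnsafePackageSpec.

    Hypothetical helper: it only builds the argument vector. The caller is
    expected to execute it without a shell, e.g. subprocess.run(argv).
    """
    if isinstance(packages, str) or not packages:
        raise UnsafePackageSpec("expected a non-empty list of requirement strings")
    checked = []
    for spec in packages:
        # fullmatch() anchors both ends, so a leading "-" (an option such as
        # --index-url or -r) or embedded whitespace can never pass.
        if not isinstance(spec, str) or not _REQUIREMENT.fullmatch(spec):
            raise UnsafePackageSpec(f"rejected package spec: {spec!r}")
        checked.append(spec)
    # Fixed options first; "--" marks the end of options as a second layer.
    return [sys.executable, "-m", "pip", "install", "--", *checked]


# Constructed sample inputs (not taken from the advisory).
SAMPLES = [
    ["requests==2.32.3", "uvicorn[standard]>=0.30"],
    ["--index-url=https://mirror.invalid/simple", "requests"],
    ["-r", "/path/to/file"],
    ["requests; echo hi"],
]


def classify(samples=SAMPLES):
    """Return True for each sample list that is accepted, False if rejected."""
    results = []
    for sample in samples:
        try:
            build_pip_argv(sample)
            results.append(True)
        except UnsafePackageSpec:
            results.append(False)
    return results
```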
Original source: https://aws.amazon.com/security/security-bulletins/rss/2026-044-aws/
First tracked: June 17, 2026 at 08:00 PM