216.73.216.170

CVE-2026-12530

· Published 18/06/2026 00:16 · Author: The MITRE Corporation

Labels: CVE-2026-12530 2026-06-17CVE-2026-12530CWE-88ff89ba41-3aa1-4d27-914a-91399e9639e5

Essential information

Published
18/06/2026 00:16
Modified
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
7.3 HIGH (v3.1) 8.4 HIGH (v4.0)
CISA KEV
No
CWE
CWE-88
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

CVSS metrics

Description

Improper neutralization of argument delimiters in the install_packages() method in AWS Bedrock AgentCore Python SDK versions >= 1.1.3 and < 1.6.1 might allow a remote authenticated user to execute arbitrary commands within the Code Interpreter sandbox via crafted package name arguments. To mitigate this issue, users should upgrade to version 1.6.1.

NVD status

NVD
View on NVD