CVE-2026-12530
Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages()
Description
### Summary
The AWS Bedrock AgentCore Python SDK (bedrock-agentcore) is an open-source SDK that enables developers to build, deploy, and manage agents on AWS Bedrock AgentCore. An issue exists in the install_packages() method of the Code Interpreter client where crafted package name arguments can bypass input validation and allow a remote authenticated user to execute arbitrary commands within the Code Interpreter sandbox.
### Impact
The install_packages() method constructs a 'pip install' shell command executed within the Code Interpreter sandbox using package name arguments provided by the caller. The method applied an incomplete blocklist that allowed crafted package name arguments - specifically pip flags such as '--index-url' and '-r' - to pass validation unchecked. A remote authenticated user who can influence the arguments passed to install_packages() could redirect package resolution to a third-party-controlled PyPI server, or expose the contents of arbitrary sandbox files and environment variables.
**Impacted versions:** AWS Bedrock AgentCore Python SDK (bedrock-agentcore) versions >= 1.1.3 and < 1.6.1
### Patches
This issue has been addressed in bedrock-agentcore version 1.6.1. We recommend upgrading to the latest version and ensuring any forked or derivative code is patched to incorporate the new fixes.
### Workarounds
If you are unable to upgrade immediately, avoid passing any user-supplied or externally-influenced strings directly to install_packages(). Restrict calls to a fixed, hardcoded list of approved package names within your application code.
### References
If you have any questions or comments about this advisory, we ask that you contact AWS Security via our [vulnerability reporting page](https://aws.amazon.com/security/vulnerability-reporting) or directly via email to [[email protected]](mailto:[email protected]). Please do not create a public GitHub issue.
We would like to thank Sergio Garcia for collaborating on this issue through the coordinated vulnerability disclosure process.
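The Workarounds section above recommends an allowlist rather than a flag blocklist. The following is an added example (not code from the bedrock-agentcore SDK) of an application-side check that an integrator could run on arguments before handing them to install_packages(): it accepts only PEP 508 project names (which by grammar cannot start with "-") with an optional plain version specifier, and only names on a fixed approved list; the APPROVED_PACKAGES set is a constructed placeholder.

```python
import re

# Constructed allowlist for this example; an application keeps its own fixed list.
APPROVED_PACKAGES = {"numpy", "pandas", "requests"}

# PEP 508 project-name grammar: the name must begin and end with an alphanumeric
# character, so a string that starts with "-" (any pip flag) can never match.
_NAME_RE = re.compile(r"^([A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?)(.*)$")
# Optional PEP 440 specifier list such as "==2.1.0" or ">=1.0,<3"; URLs, extras,
# environment markers and option-like text all fail this pattern.
_SPEC_RE = re.compile(r"^(?:\s*(?:==|!=|<=|>=|~=|<|>)\s*[A-Za-z0-9.*+!]+\s*(?:,|$))+$")


def normalize_name(name):
    """PEP 503 normalization so 'Py_Foo' and 'py-foo' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def validate_package_args(requested, approved=APPROVED_PACKAGES):
    """Return cleaned arguments for install_packages(), or raise ValueError.

    Fails closed: every argument must be an approved project name with at most
    a plain version specifier attached. No attempt is made to blocklist flags.
    """
    cleaned = []
    for arg in requested:
        if not isinstance(arg, str) or not arg.strip():
            raise ValueError(f"empty or non-string package argument: {arg!r}")
        match = _NAME_RE.match(arg.strip())
        if match is None:
            raise ValueError(f"not a package name: {arg!r}")
        name, spec = match.group(1), match.group(2)
        if spec and not _SPEC_RE.match(spec):
            raise ValueError(f"unexpected text after package name: {arg!r}")
        if normalize_name(name) not in approved:
            raise ValueError(f"package not on the approved list: {name!r}")
        cleaned.append(name + re.sub(r"\s+", "", spec))
    return cleaned


def is_safe_install_request(requested, approved=APPROVED_PACKAGES):
    """Boolean form of the same check, for callers that prefer not to catch."""
    try:
        validate_package_args(requested, approved)
    except ValueError:
        return False
    return True
```

Extras such as `requests[security]` and environment markers are rejected as well; widen `_SPEC_RE` deliberately if an application needs them.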
How to fix CVE-2026-12530
To fix CVE-2026-12530, upgrade the affected package to the patched version listed below.
- Upgrade to 1.6.1 or later
Is CVE-2026-12530 being exploited?
There are currently no signals of exploitation. CVE-2026-12530 is neither listed in the CISA KEV catalog nor does it have a recent EPSS score.