CVE-2026-11393: CWE-94: Improper Control of Generation of Code ('Code Injection') in AWS AgentCore CLI
Improper neutralization of triple-quote characters during Python code generation in AgentCore CLI before v0.14.2 might allow an authenticated remote threat actor to execute arbitrary code on AWS AgentCore Runtime under the imported agent's IAM execution role and on the local environment of another user in the same AWS account, via a crafted collaborationInstruction stored on a Bedrock Agent collaborator and later processed by that other user during agent import. To remediate this issue, users should upgrade to version 0.14.2.
AI Analysis
Technical Summary
This vulnerability (CVE-2026-11393) in AWS AgentCore CLI arises from improper neutralization of triple-quote characters in Python code generation. An authenticated remote attacker can exploit this by submitting a specially crafted collaborationInstruction stored on a Bedrock Agent collaborator. When another user imports the agent, the malicious code executes with the imported agent's IAM execution role and also affects the local environment of that user within the same AWS account. The issue affects versions prior to 0.14.2, and AWS manages the remediation for this cloud-hosted service. The CVSS v3.1 score is 9.0 (critical), reflecting network attack vector, low attack complexity, required privileges, user interaction, and high impact on confidentiality, integrity, and availability.
Potential Impact
Successful exploitation allows an authenticated remote attacker to execute arbitrary code with the imported agent's IAM execution role privileges and on the local environment of another user in the same AWS account. This can lead to full compromise of the affected environment, including unauthorized access, modification, or destruction of data and disruption of services.
Mitigation Recommendations
A patch is available in AWS AgentCore CLI version 0.14.2. Users should upgrade to this version to remediate the vulnerability. Since this is a cloud-hosted service, AWS manages remediation on their side as well. Refer to the AWS security advisory at https://aws.amazon.com/security/security-bulletins/2026-040-aws/ for the latest guidance and confirmation of patch status.
CVE-2026-11393: CWE-94: Improper Control of Generation of Code ('Code Injection') in AWS AgentCore CLI
Description
Improper neutralization of triple-quote characters during Python code generation in AgentCore CLI before v0.14.2 might allow an authenticated remote threat actor to execute arbitrary code on AWS AgentCore Runtime under the imported agent's IAM execution role and on the local environment of another user in the same AWS account, via a crafted collaborationInstruction stored on a Bedrock Agent collaborator and later processed by that other user during agent import. To remediate this issue, users should upgrade to version 0.14.2.
CVSS v3.1
Score 9.0critical
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2026-11393) in AWS AgentCore CLI arises from improper neutralization of triple-quote characters in Python code generation. An authenticated remote attacker can exploit this by submitting a specially crafted collaborationInstruction stored on a Bedrock Agent collaborator. When another user imports the agent, the malicious code executes with the imported agent's IAM execution role and also affects the local environment of that user within the same AWS account. The issue affects versions prior to 0.14.2, and AWS manages the remediation for this cloud-hosted service. The CVSS v3.1 score is 9.0 (critical), reflecting network attack vector, low attack complexity, required privileges, user interaction, and high impact on confidentiality, integrity, and availability.
Potential Impact
Successful exploitation allows an authenticated remote attacker to execute arbitrary code with the imported agent's IAM execution role privileges and on the local environment of another user in the same AWS account. This can lead to full compromise of the affected environment, including unauthorized access, modification, or destruction of data and disruption of services.
Mitigation Recommendations
A patch is available in AWS AgentCore CLI version 0.14.2. Users should upgrade to this version to remediate the vulnerability. Since this is a cloud-hosted service, AWS manages remediation on their side as well. Refer to the AWS security advisory at https://aws.amazon.com/security/security-bulletins/2026-040-aws/ for the latest guidance and confirmation of patch status.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- AMZN
- Date Reserved
- 2026-06-05T16:15:22.377Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Is Cloud Service
- true
- Vendor Advisory Urls
- [{"url":"https://aws.amazon.com/security/security-bulletins/2026-040-aws/","vendor":"AWS"}]
Threat ID: 6a27120ce29bf47b5072ecb6
Added to database: 6/8/2026, 7:03:40 PM
Last enriched: 6/8/2026, 7:18:42 PM
Last updated: 6/9/2026, 4:57:03 AM
Views: 14
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.