CVE-2026-11393 CRITICAL

CVE-2026-11393: Code injection via improper triple-quote escaping in AgentCore CLI Bedrock Agent import

Vendor Aws
Product AgentCore CLI
Weakness CWE-94 · Code injection
Published June 8, 2026
Last update June 8, 2026

CVSS base score

9.0/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Improper neutralization of triple-quote characters during Python code generation in AgentCore CLI before v0.14.2 might allow an authenticated remote threat actor to execute arbitrary code on AWS AgentCore Runtime under the imported agent's IAM execution role and on the local environment of another user in the same AWS account, via a crafted collaborationInstruction stored on a Bedrock Agent collaborator and later processed by that other user during agent import. To remediate this issue, users should upgrade to version 0.14.2.

Key dates

02Disclosure timeline

June 8, 2026 CVE published
June 8, 2026 Record updated