CVE-2026-12530: AWS Bedrock AgentCore SDK pip Injection
🟠 High | Source: AWS Security Bulletins A vulnerability in the AWS Bedrock AgentCore Python SDK (versions 1.1.3 to 1.6.1) allows crafted package name arguments to bypass input sanitisation in the install_packages() method. An attacker could redirect pip to a malicious PyPI server to serve tampered packages, or use the ‘-r’ flag to read arbitrary files within the sandbox. The issue stems from an incomplete blocklist used to construct shell commands, rather than a safe argument-passing approach. ...