Skip to main content

CVE-2026-15737 - Sensitive content disclosure via OpenTelemetry spans in AgentCore Python SDK

Bulletin ID: 2026-058-AWS
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 07/16/2026 10:00 AM PDT

Description:

Bedrock AgentCore Python SDK (bedrock-agentcore) is an open-source Python library that provides client tools for building AI agents on the Amazon Bedrock AgentCore platform. We identified CVE-2026-15737 in the OpenTelemetry instrumentation of the SDK. Affected versions wrote raw user prompts and complete agent responses into OpenTelemetry span attributes on every invocation without filtering or masking. These spans flow into the customer's aws/spans CloudWatch log group, where a local authenticated user with CloudWatch Logs read access could access the potentially sensitive content.

Impacted versions: 1.4.8, 1.5.0

Resolution:

This issue has been addressed in Bedrock AgentCore Python SDK version 1.5.1 or later. We recommend upgrading to the latest version and ensuring any forked or derivative code is patched to incorporate the new fixes. Users who ran affected versions should also review and purge sensitive content from their aws/spans CloudWatch log groups.

Workarounds:

No workarounds are available. Upgrade Bedrock AgentCore Python SDK to version 1.5.1 or later.

References:


Please email aws-security@amazon.com with any security questions or concerns.