CVE-2026-7191 - Arbitrary Code Execution via Sandbox Bypass in QnABot on AWS
Bulletin ID: 2026-020-AWS
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 04/27/2026 13:15 PM PDT
Description:
QnABot on AWS is an open-source solution that provides a multi-channel, multi-language conversational interface powered by Amazon Lex, Amazon OpenSearch Service, and optionally Amazon Bedrock.
We identified CVE-2026-7191, where the improper use of the static-eval npm package may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context. By injecting a crafted conditional chaining expression via the Content Designer interface, an actor with Admin access could bypass the intended expression sandbox through JavaScript prototype manipulation. Successful exploitation may grant direct access to backend resources, including Lambda environment variables, OpenSearch indices, S3 objects, and DynamoDB tables, that are not exposed through normal administrative interfaces.
Impacted versions: <=7.2.4
Resolution:
This issue has been addressed in QnABot on AWS version 7.3.0. The static-eval dependency has been removed and replaced with a limited, custom expression evaluator. We recommend upgrading to a version > v7.2.4 and ensuring any forked or derivative code is patched to incorporate the new fixes.
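The following is an added illustration of the design principle behind the resolution above (a deliberately limited expression evaluator in place of a general-purpose one). It is not the QnABot on AWS evaluator and not code from the project or from AWS; the grammar (literals, comparison and boolean operators, the conditional operator, dotted member access) and the sample scope object are constructed for this example. The point it demonstrates is that member access is resolved only against own properties of plain data objects, so anything reachable through the prototype chain (constructor, __proto__, toString and the like) is rejected before it can be evaluated, and functions are never returned as values.

```javascript
// Added example, not QnABot on AWS code: a minimal allow-list expression evaluator.
// Grammar (constructed for this illustration):
//   cond := or ('?' cond ':' cond)?
//   or   := and ('||' and)*          and := eq ('&&' eq)*
//   eq   := rel (('==='|'!==') rel)* rel := unary (('<'|'>'|'<='|'>=') unary)*
//   unary := '!' unary | member      member := primary ('.' IDENT)*
//   primary := NUMBER | STRING | IDENT | '(' cond ')'
// There are no calls, assignments, brackets, or loose equality, by design.
const TOKEN_RE = /\s*(?:(\d+(?:\.\d+)?)|("(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*')|([A-Za-z_][A-Za-z0-9_]*)|(===|!==|&&|\|\||<=|>=|[()?.:!<>]))/y;

function tokenize(src) {
  const s = src.trim();
  const tokens = [];
  TOKEN_RE.lastIndex = 0;
  while (TOKEN_RE.lastIndex < s.length) {
    const start = TOKEN_RE.lastIndex;
    const m = TOKEN_RE.exec(s);
    if (!m) throw new SyntaxError(`unexpected input at offset ${start}`);
    if (m[1] !== undefined) tokens.push({ t: 'num', v: Number(m[1]) });
    else if (m[2] !== undefined) tokens.push({ t: 'str', v: m[2].slice(1, -1) }); // escapes kept literally
    else if (m[3] !== undefined) tokens.push({ t: 'id', v: m[3] });
    else tokens.push({ t: 'op', v: m[4] });
  }
  return tokens;
}

function parse(tokens) {
  let i = 0;
  const peek = () => tokens[i];
  const isOp = (v) => peek() !== undefined && peek().t === 'op' && peek().v === v;
  const expect = (v) => { if (!isOp(v)) throw new SyntaxError(`expected ${v}`); i++; };
  const binary = (next, ops) => () => {
    let left = next();
    while (ops.some(isOp)) { const op = peek().v; i++; left = { k: 'bin', op, left, right: next() }; }
    return left;
  };
  function primary() {
    const tok = peek();
    if (!tok) throw new SyntaxError('unexpected end of expression');
    i++;
    if (tok.t === 'num' || tok.t === 'str') return { k: 'lit', v: tok.v };
    if (tok.t === 'id') {
      if (tok.v === 'true' || tok.v === 'false') return { k: 'lit', v: tok.v === 'true' };
      return { k: 'id', name: tok.v };
    }
    if (tok.t === 'op' && tok.v === '(') { const e = cond(); expect(')'); return e; }
    throw new SyntaxError(`unexpected token ${tok.v}`);
  }
  function member() {
    let obj = primary();
    while (isOp('.')) {
      i++;
      const tok = peek();
      if (!tok || tok.t !== 'id') throw new SyntaxError('expected property name');
      i++;
      obj = { k: 'member', obj, prop: tok.v };
    }
    return obj;
  }
  function unary() { if (isOp('!')) { i++; return { k: 'not', arg: unary() }; } return member(); }
  const rel = binary(unary, ['<', '>', '<=', '>=']);
  const eq = binary(rel, ['===', '!==']);
  const and = binary(eq, ['&&']);
  const or = binary(and, ['||']);
  function cond() {
    const test = or();
    if (!isOp('?')) return test;
    i++;
    const yes = cond();
    expect(':');
    return { k: 'cond', test, yes, no: cond() };
  }
  const ast = cond();
  if (i !== tokens.length) throw new SyntaxError('trailing input');
  return ast;
}

// The security-relevant check: only own properties of a non-null object are readable,
// so the prototype chain is unreachable, and function-valued properties are refused.
function lookup(obj, prop) {
  if (obj === null || typeof obj !== 'object') throw new Error(`cannot read ${prop} of a non-object`);
  if (!Object.prototype.hasOwnProperty.call(obj, prop)) throw new Error(`property ${prop} is not allowed`);
  const v = obj[prop];
  if (typeof v === 'function') throw new Error(`property ${prop} is not allowed`);
  return v;
}

function evaluate(n, scope) {
  switch (n.k) {
    case 'lit': return n.v;
    case 'id': return lookup(scope, n.name);
    case 'member': return lookup(evaluate(n.obj, scope), n.prop);
    case 'not': return !evaluate(n.arg, scope);
    case 'cond': return evaluate(n.test, scope) ? evaluate(n.yes, scope) : evaluate(n.no, scope);
    case 'bin': {
      const l = evaluate(n.left, scope);
      if (n.op === '&&') return l && evaluate(n.right, scope);
      if (n.op === '||') return l || evaluate(n.right, scope);
      const r = evaluate(n.right, scope);
      return { '===': l === r, '!==': l !== r, '<': l < r, '>': l > r, '<=': l <= r, '>=': l >= r }[n.op];
    }
  }
  throw new Error(`unknown node ${n.k}`);
}

function safeEval(src, scope) { return evaluate(parse(tokenize(src)), scope); }

// True when the evaluator refuses the expression (used to show what gets rejected).
function isRejected(src, scope) { try { safeEval(src, scope); return false; } catch (e) { return true; } }

// Constructed sample scope standing in for session/user data handed to a conditional expression.
const SAMPLE_SCOPE = { session: { lang: 'en', score: 3 }, user: { admin: false } };
```

Data-only expressions such as `session.lang === 'en' ? 'hello' : 'hola'` evaluate normally, while `session.constructor`, `session.__proto__` and `session.toString` are refused by `lookup` because they are not own properties of the plain data object, and a call such as `toString()` fails at parse time because the grammar has no call syntax. A real deployment would also bound expression length and nesting depth, which this example omits.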
Workarounds:
There is no workaround for this issue. Upgrade to version 7.3.0 or later.
References:
Acknowledgment:
We would like to thank Endor Labs for responsibly disclosing this issue to AWS.
Please email aws-security@amazon.com with any security questions or concerns.