AWS Bedrock AgentCore SDK 1.4.8/1.5.0 Logleaks via OT Span Attrs
CVE-2026-15737 Published on July 16, 2026
Sensitive content disclosure via OpenTelemetry spans in AgentCore Python SDK
AWS Bedrock AgentCore Python SDK is an open-source Python library that provides client tools for building AI agents on the Amazon Bedrock AgentCore platform.
Unintended logging of sensitive user content in the OpenTelemetry instrumentation in AWS Bedrock AgentCore Python SDK versions 1.4.8 and 1.5.0 might allow a local authenticated user with access to CloudWatch Logs to access raw user prompts and agent responses containing sensitive data via span attributes. The SDK wrote raw user prompts and complete agent responses into OpenTelemetry span attributes on every invocation without filtering or masking. These spans flow into the customer's aws/spans CloudWatch log group, exposing sensitive content to any principal with log read access.
We recommend you upgrade to version 1.5.1 or later. Users who ran affected versions should also review and purge sensitive content from their aws/spans CloudWatch log groups.
Vulnerability Analysis
CVE-2026-15737 can be exploited with network access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
Products Associated with CVE-2026-15737
Want to know whenever a new CVE is published for Aws Bedrock Agentcore? stack.watch will email you.
Affected Versions
AWS bedrock-agentcore:- Version 1.4.8 is affected.
- Version 1.5.0 is affected.