AWS has released a security bulletin regarding the Bedrock AgentCore Python SDK. A vulnerability, identified as CVE-2026-12530, has been discovered in the install_packages() method of the Code Interpreter client. This method failed to sufficiently sanitize package name arguments used in shell commands. Specifically, an incomplete blocklist allowed crafted inputs to bypass validation. This bypass could exploit pip's --index-url flag to redirect package installation to a malicious third-party server. Additionally, the -r flag could be used to read and expose arbitrary files within the Code Interpreter sandbox. The vulnerable versions of the SDK range from 1.1.3 up to, but not including, 1.6.1. Developers using these versions are strongly advised to take immediate action. Further details and the most current information can be found in the provided article.