Apr 07, 2026 • Ori Hadad
Cracks in the Bedrock: Escaping the AWS AgentCore Sandbox
Executive Summary
Unit 42 researchers discovered critical vulnerabilities in Amazon Bedrock AgentCore's sandbox environment that allow attackers to escape isolation protections. The vulnerabilities enable DNS tunneling as an exfiltration channel and permit credential exposure from within the sandbox. While no active exploitation has been observed, these findings represent significant risks to organizations using AWS Bedrock Agent services. Attackers could potentially leverage these techniques to bypass security boundaries and access sensitive credentials or data. Organizations using affected AWS services should review security configurations and implement additional monitoring for unusual DNS activity and credential access patterns from agent environments.
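The DNS monitoring recommended above, sketched as an added example (not code from Unit 42 or AWS): it groups DNS queries by source and parent domain and flags groups with many unique, long, high-entropy subdomains, a common sign of tunneling. The log records, the thresholds and the two-label parent-domain shortcut are assumptions; real resolver logs and the Public Suffix List would replace them.

```python
import math
from collections import Counter, defaultdict

# Constructed (source, query name) records; not taken from the Unit 42 research.
SAMPLE_QUERIES = [
    ("agent-sandbox-1", "sts.amazonaws.com"),
    ("agent-sandbox-1", "s3.us-east-1.amazonaws.com"),
    ("agent-sandbox-1", "img1.cdn.example.org"),
    ("agent-sandbox-1", "img2.cdn.example.org"),
    ("agent-sandbox-1", "img3.cdn.example.org"),
    ("agent-sandbox-1", "img4.cdn.example.org"),
    ("agent-sandbox-1", "mfzwizltmvxgg33emvzs4ylomqxa.d.example.net"),
    ("agent-sandbox-1", "nbswy3dpeb3w64tmmqqhi2dfojss.d.example.net"),
    ("agent-sandbox-1", "kr2gk4ttebuw4idumhxgiidbnzsa.d.example.net"),
    ("agent-sandbox-1", "orugs4zanfzsaylomqqgc3tzebxw.d.example.net"),
    ("agent-sandbox-1", "ifbegrcfizdueskkjnge2tspkbiv.d.example.net"),
]

def shannon_entropy(text):
    """Bits per character of the character distribution in text."""
    counts, n = Counter(text), len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def parent_domain(qname, levels=2):
    """Assumption: the last `levels` labels approximate the registered domain."""
    return ".".join(qname.rstrip(".").lower().split(".")[-levels:])

def score_queries(queries, min_unique=4, min_avg_len=20, min_entropy=3.5):
    """Flag (source, parent) groups whose subdomains look like encoded data."""
    groups = defaultdict(set)
    for src, qname in queries:
        parent = parent_domain(qname)
        sub = qname.rstrip(".").lower()[: -len(parent)].rstrip(".")
        if sub:
            groups[(src, parent)].add(sub)
    findings = []
    for (src, parent), subs in sorted(groups.items()):
        avg_len = sum(len(s) for s in subs) / len(subs)
        entropy = shannon_entropy("".join(s.replace(".", "") for s in subs))
        if len(subs) >= min_unique and avg_len >= min_avg_len and entropy >= min_entropy:
            findings.append({"source": src, "parent": parent,
                             "unique_subdomains": len(subs),
                             "avg_len": round(avg_len, 1),
                             "entropy": round(entropy, 2)})
    return findings

if __name__ == "__main__":
    for finding in score_queries(SAMPLE_QUERIES):
        print(finding)
```

The CDN-style group has as many unique names as the threshold requires but stays below the length cutoff, which is why the check combines all three signals rather than relying on query volume alone.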
Summary
Unit 42 uncovers critical vulnerabilities in Amazon Bedrock AgentCore's sandbox, demonstrating DNS tunneling and credential exposure. The post "Cracks in the Bedrock: Escaping the AWS AgentCore Sandbox" appeared first on Unit 42.