PT-2026-60258 · Amazon · Strands-Agents-Tools
Published
2026-07-15
·
Updated
2026-07-15
·
CVE-2026-15746
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Strands Agents is an open-source Python SDK for building and running AI agents. The strands-agents-tools package provides pre-built tools for use with the SDK, including the elasticsearch memory tool for agent memory storage. We identified CVE-2026-15746, a server-side request forgery (SSRF) issue in the elasticsearch memory tool. The tool exposed its connection parameters (es url, cloud id, api key) as fields the large language model (LLM) could control through the tool schema. When a caller omitted the api key parameter, the tool fell back to the operator's ELASTICSEARCH API KEY environment variable and sent it to whichever host the LLM specified. A crafted prompt could cause the tool to connect to a threat-actor-controlled server and disclose the operator's Elasticsearch API key in the Authorization header.
We recommend you upgrade to strands-agents-tools version 0.7.0 or later. As a precautionary measure, we recommend all operators rotate their ELASTICSEARCH API KEY, even if there is no indication the credential was exposed.
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Strands-Agents-Tools