CYBERSECURITY researchers have disclosed that Amazon Bedrock’s AgentCore Code Interpreter sandbox can perform outbound DNS queries, a flaw that could enable interactive shells, data exfiltration, and command execution when IAM permissions allow access to resources like S3. In response, BeyondTrust urged migrating from Sandbox to VPC mode for complete network isolation and recommended deploying a DNS firewall to filter outbound DNS traffic.
The disclosure coincides with LangSmith facing a high-severity account‑takeover risk tied to CVE-2026-25750 (CVSS 8.5), affecting both self-hosted and cloud deployments and addressed in LangSmith 0.12.71 released in December 2025. Separately, SGLang is affected by unsafe pickle deserialization with CVE-2026-3059, CVSS 9.8, and CVE-2026-3060, plus CVE-2026-3989 (CVSS 7.8), with CERT/CC warning that unauthenticated remote code execution is possible if the ZeroMQ broker is exposed. The article notes these flaws remain unpatched at the time of reporting, underscoring the need for careful access control and monitoring.