CVE-2026-11417: AWS CDK Command Injection in NodejsFunction Bundling
AWS CDK (Cloud Development Kit) contains a command injection vulnerability in how it bundles Node.js functions for local development and deployment. An attacker who can control certain bundling settings—such as external modules, code definitions, loaders, injections, or esbuild arguments—can inject shell commands that execute on the developer's machine when the CDK toolchain runs. This requires an attacker to have influence over the CDK application configuration, making it relevant primarily in shared development environments or when developers use untrusted CDK configurations.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 7.3 HIGH · CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
- Weaknesses (CWE)
- CWE-78
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-06-10 / 2026-06-17
NVD description (verbatim)
OS command injection in the NodejsFunction local bundling pipeline in aws-cdk-lib before 2.245.0 (2.246.0 on Windows) might allow an actor who controls the value of one or more bundling properties (externalModules, define, loader, inject, or esbuildArgs) to execute arbitrary commands on the host running the CDK toolchain via injected shell metacharacters. This issue requires the threat actor to control the value of one or more of the affected bundling properties in the CDK application. To remediate this issue, users should upgrade to aws-cdk-lib 2.245.0 (2.246.0 on Windows) or later.
3 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-11417 is an OS command injection vulnerability (CWE-78) in the NodejsFunction local bundling pipeline of aws-cdk-lib versions before 2.245.0 (2.246.0 on Windows). The vulnerability stems from insufficient sanitization of user-controlled bundling properties (externalModules, define, loader, inject, esbuildArgs) when constructing shell commands during the bundling process. An attacker controlling these properties can inject shell metacharacters to break out of the intended command structure and execute arbitrary OS commands with the privileges of the user running the CDK toolchain. The CVSS 3.1 score of 7.3 (HIGH) reflects local attack vector, low attack complexity, low privilege requirement, and user interaction—appropriate given the need for an actor to control bundling property values within a CDK application.
Business impact
Organizations using AWS CDK in development or CI/CD pipelines face potential compromise of developer machines and build infrastructure. An attacker who can inject malicious bundling configurations could steal credentials, inject backdoors into deployments, exfiltrate source code, or pivot to cloud infrastructure. In CI/CD contexts, this could affect the integrity of all deployments processed through that pipeline. The impact is especially severe if CDK applications accept configuration from external sources (environment variables, configuration files, API inputs) without validation.
Affected systems
aws-cdk-lib versions prior to 2.245.0 on Linux/macOS and prior to 2.246.0 on Windows are affected. Any environment running the CDK toolchain to bundle Node.js functions using the NodejsFunction construct is vulnerable if bundling properties can be influenced by an untrusted actor. This includes developer workstations, CI/CD agents, and container-based build environments.
Exploitability
Exploitation requires control over one or more bundling properties within a CDK application. This is feasible if: (1) a developer uses a CDK config file or environment variables from an untrusted source, (2) a CDK application reads bundling settings from user input or external APIs, or (3) an attacker gains write access to a repository containing CDK code. The attack executes during the bundling phase (typically `cdk deploy` or `cdk synth`), with the injected commands running under the permissions of the CDK process owner. No CISA KEV listing or active in-the-wild exploitation is currently documented.
Remediation
Upgrade aws-cdk-lib to version 2.245.0 or later (2.246.0 on Windows). Additionally, apply input validation and sanitization to any bundling properties that originate from external sources, restrict access to CDK application files and configuration, and avoid accepting bundling settings from untrusted users or APIs. In CI/CD environments, ensure CDK toolchain processes run with minimal required privileges.
Patch guidance
Update aws-cdk-lib dependency in package.json (npm) or requirements.txt (Python) to >=2.245.0 for non-Windows or >=2.246.0 for Windows. Run `npm install` or `pip install --upgrade aws-cdk-lib` to pull the patched version. Verify the installed version with `npm list aws-cdk-lib` or `pip show aws-cdk-lib`. For monorepo or locked dependency setups, update lock files (package-lock.json, yarn.lock, poetry.lock) and re-validate that all transitive dependencies resolve correctly. Test bundling workflows in a staging environment before promoting to production pipelines.
Detection guidance
Monitor CDK deploy and synth operations for unexpected shell metacharacters (|, &, ;, >, <, $(), etc.) in bundling property values. Log and inspect environment variables and configuration files passed to CDK processes. In CI/CD logs, watch for unusual command execution or errors during the bundling phase that may indicate injection attempts. Network egress from CDK processes to unexpected destinations could signal data exfiltration post-exploitation. Implement static analysis of CDK code to flag dynamic or user-controlled bundling properties. Consider running CDK toolchain in sandboxed or containerized environments with restricted outbound access.
Why prioritize this
A CVSS score of 7.3 (HIGH) and the requirement for local access and user interaction might suggest lower urgency, but the attack surface is broad in development and CI/CD environments. Successful exploitation leads to arbitrary code execution on the host, potentially compromising credentials, source code, and the integrity of cloud deployments. Organizations should prioritize this patch if they use CDK in shared development environments, accept external configuration, or operate large CI/CD infrastructures. The low-privilege requirement (user level) is relevant because many developers and CI agents run without root, yet can still access sensitive credentials and deploy infrastructure.
Risk score, explained
The CVSS 3.1 score of 7.3 reflects: (1) Local attack vector—attacker must modify a value on or accessible from the target system; (2) Low attack complexity—no special conditions or user skills required to craft injection; (3) Low privilege requirement—standard user running CDK can be targeted; (4) User interaction required—a developer must run the bundling command; (5) High confidentiality, integrity, and availability impact—arbitrary command execution enables data theft, system modification, and denial of service. The score appropriately captures the severity of code execution while acknowledging the prerequisite of configuration access or influence.
Frequently asked questions
Can this be exploited without modifying the CDK application code?
Yes. If a CDK application reads bundling properties from environment variables, configuration files, command-line arguments, or external APIs without validation, an attacker can inject malicious values through those channels without touching the source code directly.
Does upgrading aws-cdk-lib automatically fix my deployments?
Upgrading the library fixes the vulnerability in future CDK runs, but does not retroactively secure deployments already made with vulnerable versions. Review any deployments made with affected versions to ensure no attacker-controlled code was injected during bundling.
Are only Node.js bundles affected?
The vulnerability is specific to the NodejsFunction construct and its local bundling pipeline. Other CDK constructs or external bundling tools are not directly affected, though any construct or process that constructs shell commands from user input may have similar risks.
What if we run CDK in a CI/CD pipeline with restricted permissions?
Running under a restricted user account or in a container with limited capabilities can reduce the impact of exploitation, but does not prevent the vulnerability itself. An attacker can still steal credentials, modify application code being deployed, or pivot to other systems accessible from the CI environment.
This analysis is based on the publicly disclosed CVE record and AWS vendor guidance as of June 2026. Security researchers should independently verify patch applicability, test in staging environments before production deployment, and review their specific CDK configurations for exposure to user-controlled bundling properties. SEC.co makes no guarantee regarding the completeness or real-time accuracy of this intelligence and recommends consultation with AWS support and internal security teams for critical infrastructure decisions. Source: NVD (public-domain), retrieved 2026-07-19. Analysis generated by SEC.co (claude-haiku-4-5).
Weaknesses (CWE)
Related vulnerabilities
- CVE-2025-41265HIGHWaterfall WF-500 TX Host OS Command Injection (CVSS 7.2)
- CVE-2025-41266HIGHWaterfall WF-500 TX Host Command Injection Vulnerability Analysis
- CVE-2025-41267HIGHWaterfall WF-500 TX Host Command Injection Vulnerability
- CVE-2025-41279HIGHOS Command Injection in Waterfall WF-500 RX Host Administration WebUI
- CVE-2025-41281HIGHWaterfall WF-500 OS Command Injection
- CVE-2025-66273HIGHQNAP Command Injection in QTS and QuTS hero
- CVE-2025-66279HIGHQNAP NAS Command Injection – Admin Authentication Required, HIGH Severity
- CVE-2025-69755HIGHNeterbit NW-431F Router RCE and Data Exposure Vulnerability