A vulnerability was found in Amazon strands-agents-tools up to 0.6.x and classified as problematic. Impacted is an unknown function of the component Elasticsearch Memory Tool. The manipulation of the argument api_key results in server-side request forgery.
This vulnerability is reported as CVE-2026-15746. The attack can be launched remotely. No exploit exists.