Skip to main content

Aws Api Mcp Server CVE-2026-4270

| EUVDEUVD-2026-12474 MEDIUM
Improper Protection of Alternate Path (CWE-424)
2026-03-16 AMZN GHSA-2cpp-j2fc-qhp7
6.8
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

5
CVSS changed
May 21, 2026 - 16:07 NVD
5.5 (MEDIUM) 6.8 (MEDIUM)
EUVD ID Assigned
Mar 16, 2026 - 17:19 euvd
EUVD-2026-12474
Analysis Generated
Mar 16, 2026 - 17:19 vuln.today
Patch released
Mar 16, 2026 - 17:19 nvd
Patch available
CVE Published
Mar 16, 2026 - 16:07 nvd
MEDIUM 5.5

DescriptionCVE.org

Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions >= 0.2.14 and < 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context.

To remediate this issue, users should upgrade to version 1.3.9.

AnalysisAI

AWS API MCP Server versions 0.2.14 through 1.3.9 contain an improper path protection flaw in the no-access and workdir features that allows local attackers to bypass file access restrictions and read arbitrary files accessible to the MCP client application. An attacker with local access and user interaction can exploit this vulnerability to expose sensitive local file contents. Users should upgrade to version 1.3.9 or later to remediate this issue.

Technical ContextAI

The AWS API MCP Server (Model Context Protocol Server) is a Python-based library (cpe:2.3:a:aws:aws_api_mcp_server) that facilitates secure interaction between AI models and AWS APIs through a standardized protocol interface. The vulnerability stems from improper canonicalization or validation of file paths when the no-access and workdir restriction features are active, falling under CWE-424 (Improper Protection of Alternate Path), which classifies defects where alternate pathnames or representations bypass intended access controls. Affected versions 0.2.14 through 1.3.8 fail to properly normalize or validate user-supplied paths before enforcing directory boundaries, allowing techniques such as symbolic link traversal, path normalization tricks (e.g., '../' sequences, URL encoding, case variation), or other alternate path representations to escape the intended working directory sandbox and access files outside the restricted scope.

RemediationAI

Immediately upgrade AWS API MCP Server to version 1.3.9 or later via PyPI (https://pypi.org/project/awslabs.aws-api-mcp-server/1.3.9/), which resolves the path traversal bypass in the no-access and workdir features. For environments unable to patch immediately, implement filesystem-level access controls by running the MCP server process with minimal privilege (dedicated service account with read-only access to only necessary directories), enforce strict network segmentation to limit local access to trusted client applications, and apply OS-level sandboxing (seccomp, AppArmor, SELinux) to restrict file system syscalls. Conduct an audit of any MCP server instances deployed in the 0.2.14–1.3.8 range to identify potential information disclosure and review AWS credential exposure timelines.

Share

CVE-2026-4270 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy