Aws Api Mcp Server

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-4270 MEDIUM PATCH This Month

AWS API MCP Server versions 0.2.14 through 1.3.9 contain an improper path protection flaw in the no-access and workdir features that allows local attackers to bypass file access restrictions and read arbitrary files accessible to the MCP client application. An attacker with local access and user interaction can exploit this vulnerability to expose sensitive local file contents. Users should upgrade to version 1.3.9 or later to remediate this issue.

Authentication Bypass Aws Api Mcp Server

NVD GitHub VulDB

CVSS 3.1

5.5

EPSS

0.0%

CVE-2026-4270

EPSS 0% CVSS 5.5

MEDIUM PATCH This Month

AWS API MCP Server versions 0.2.14 through 1.3.9 contain an improper path protection flaw in the no-access and workdir features that allows local attackers to bypass file access restrictions and read arbitrary files accessible to the MCP client application. An attacker with local access and user interaction can exploit this vulnerability to expose sensitive local file contents. Users should upgrade to version 1.3.9 or later to remediate this issue.

Authentication Bypass Aws Api Mcp Server

NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy