ZDI-26-246 CRITICAL 9.8 Published Mar 30, 2026

aws-mcp-server Command Injection Remote Code Execution Vulnerability

aws-mcp-server

This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8.

Related CVE

CVE-2026-5058

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy