CVE-2026-4270
Analyzed Analyzed - Analysis Complete
Improper Access Control in AWS MCP Server Allows File Exposure

Publication date: 2026-03-16

Last updated on: 2026-05-21

Assigner: AMZN

Description
Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions >= 0.2.14 and < 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context. To remediate this issue, users should upgrade to version 1.3.9.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-16
Last Modified
2026-05-21
Generated
2026-06-16
AI Q&A
2026-03-16
EPSS Evaluated
2026-06-15
NVD
CVE-2026-4270
EUVD
EUVD-2026-12474
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
amazon aws_api_mcp_server From 0.2.14 (inc) to 1.3.9 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-424 The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

I don't know

Detection Guidance

There are no specific detection commands or methods provided in the available information to identify this vulnerability on your network or system.

Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-4270 is a vulnerability in the AWS API MCP Server, an open-source server that allows AI assistants to interact with AWS services via CLI commands. The server has a file access control feature with three modes: "workdir" (restricting file operations to a specific directory), "unrestricted" (full file system access), and "no-access" (blocking all local file path arguments).'}, {'type': 'paragraph', 'content': 'The vulnerability exists in versions 0.2.14 up to but not including 1.3.9, where improper protection of alternate file paths in the "no-access" and "workdir" modes allows attackers to bypass intended file access restrictions. This can lead to exposure of arbitrary local file contents within the MCP client application context.'}] [1]

Impact Analysis

This vulnerability can allow an attacker to bypass file access restrictions intended to protect local files when using the AWS API MCP Server. As a result, arbitrary local files may be exposed within the MCP client application context, potentially leaking sensitive or confidential information.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade the AWS API MCP Server to version 1.3.9 or later.

Ensure that any forks or derivative code of the AWS API MCP Server are also patched accordingly.

No workarounds are available, so upgrading is the only effective mitigation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4270. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart