CVE-2026-4270
Status: Received - Intake
Improper Access Control in AWS MCP Server Allows File Exposure

Publication date: 2026-03-16

Last updated on: 2026-03-16

Assigner: AMZN

Description
Improper Protection of Alternate Path (CWE-424) exists in the no-access and workdir features of the AWS API MCP Server, versions >= 0.2.14 and < 1.3.9, on all platforms. The weakness may allow an attacker to bypass the intended file access restriction and expose arbitrary local file contents in the MCP client application context. To remediate this issue, users should upgrade to version 1.3.9.
Meta Information
Published: 2026-03-16
Last Modified: 2026-03-16
Generated: 2026-05-07
AI Q&A: 2026-03-16
EPSS Evaluated: 2026-05-05
External references: NVD, EUVD
Affected Vendors & Products
Showing 4 associated CPEs

Vendor | Product | Version / Range
amazon | web_services_api_mcp_server | from 0.2.14 (inclusive) to 1.3.9 (exclusive)
amazon | web_services_api_mcp_server | 1.3.9
awslabs | aws-api-mcp-server | from 0.2.14 (inclusive) to 1.3.9 (exclusive)
awslabs | aws-api-mcp-server | 1.3.9
CWE
CWE-424: The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources.
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

There are no specific detection commands or methods provided in the available information to identify this vulnerability on your network or system.


Can you explain this vulnerability to me?

CVE-2026-4270 is a vulnerability in the AWS API MCP Server, an open-source server that allows AI assistants to interact with AWS services via CLI commands. The server has a file access control feature with three modes: "workdir" (restricting file operations to a specific directory), "unrestricted" (full file system access), and "no-access" (blocking all local file path arguments).

The vulnerability exists in versions 0.2.14 up to but not including 1.3.9, where improper protection of alternate file paths in the "no-access" and "workdir" modes allows attackers to bypass intended file access restrictions. This can lead to exposure of arbitrary local file contents within the MCP client application context. [1]
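The weakness class behind this entry (CWE-424) is easiest to see on a workdir-style confinement check. The example below is added here to illustrate that class in general; it is not code from the AWS API MCP Server, and the page does not disclose which alternate path form the actual bypass used. It contrasts a naive string-prefix check against a check that canonicalises both sides with realpath() and compares path components, using a constructed temporary directory layout (a sibling directory sharing the workdir's name as a prefix, a `..` traversal, and a symlink that points outside the workdir). The function names `naive_within`, `hardened_within` and `demo` are this example's own.

```python
import os
import shutil
import tempfile


def naive_within(workdir: str, candidate: str) -> bool:
    """Weak check: plain string prefix on the absolute (but not canonical) path.

    Accepts any path that merely *starts with* the workdir string, so a sibling
    directory such as 'workfiles' next to 'work' passes, and symlinks are never
    resolved, so a link inside the workdir can point anywhere on disk.
    """
    return os.path.abspath(candidate).startswith(os.path.abspath(workdir))


def hardened_within(workdir: str, candidate: str) -> bool:
    """Stronger check: canonicalise both sides, then compare whole path components.

    realpath() collapses '..' segments and follows symlinks, so the comparison is
    made on the location that would actually be opened.  commonpath() compares
    component-wise, so 'workfiles' is not treated as being inside 'work'.
    """
    root = os.path.realpath(workdir)
    target = os.path.realpath(candidate)
    try:
        return os.path.commonpath([root, target]) == root
    except ValueError:
        # Raised when the paths cannot share a common root (different drives on Windows).
        return False


def demo() -> dict:
    """Build a constructed directory layout and run both checks over four candidates.

    Returns {case_name: (naive_result, hardened_result)}.  The layout is created
    in a fresh temp dir and removed again before returning.
    """
    base = tempfile.mkdtemp(prefix="cwe424-demo-")
    try:
        workdir = os.path.join(base, "work")
        sibling = os.path.join(base, "workfiles")   # shares the prefix 'work'
        os.makedirs(workdir)
        os.makedirs(sibling)

        # Constructed 'sensitive' file living outside the workdir.
        secret = os.path.join(base, "secret.txt")
        with open(secret, "w", encoding="utf-8") as fh:
            fh.write("constructed secret, not real data\n")

        # Symlink inside the workdir that resolves to the file outside it.
        link = os.path.join(workdir, "escape")
        os.symlink(secret, link)

        cases = {
            "legit": os.path.join(workdir, "ok.txt"),
            "sibling_prefix": os.path.join(sibling, "x.txt"),
            "dotdot": os.path.join(workdir, "..", "secret.txt"),
            "symlink": link,
        }
        return {
            name: (naive_within(workdir, path), hardened_within(workdir, path))
            for name, path in cases.items()
        }
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    for name, (naive, hardened) in demo().items():
        print(f"{name:15s} naive={naive!s:5s} hardened={hardened!s:5s}")
```

The naive check does reject the `..` traversal (abspath() normalises it) but accepts both the sibling-prefix path and the symlink, which is the point of CWE-424: a restriction that only covers one representation of a path leaves the alternate representations open. The hardened check admits only the genuine in-workdir file. In a real server the canonicalised path should also be the one passed to open(), since re-deriving it from the raw argument reopens the gap.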


How can this vulnerability impact me?

This vulnerability can allow an attacker to bypass file access restrictions intended to protect local files when using the AWS API MCP Server. As a result, arbitrary local files may be exposed within the MCP client application context, potentially leaking sensitive or confidential information.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should upgrade the AWS API MCP Server to version 1.3.9 or later.

Ensure that any forks or derivative code of the AWS API MCP Server are also patched accordingly.

No workarounds are available, so upgrading is the only effective mitigation.

