
AWS API MCP Server: Bypassing File Access Restrictions

CVE-2026-4270
Summary

AWS API MCP Server versions from 0.2.14 up to, but not including, 1.3.9 have a flaw in the no-access and workdir feature that could allow the intended file access restrictions to be bypassed. This could expose the contents of local files in the MCP client application context. To fix this, upgrade to version 1.3.9.

Original title
Improper Protection of Alternate Path in the no-access and workdir feature of the AWS API MCP Server versions >= 0.2.14 and < 1.3.9 on all platforms may allow the bypass of intended file acc...
Original description
Improper Protection of Alternate Path in the no-access and workdir feature of the AWS API MCP Server versions >= 0.2.14 and < 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context.

To remediate this issue, users should upgrade to version 1.3.9.
NVD CVSS 3.1: 5.5
NVD CVSS 4.0: 6.8
Vulnerability type
CWE-424
Published: 16 Mar 2026 · Updated: 16 Mar 2026 · First seen: 16 Mar 2026