CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-4270

Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions >= 0.2.14 and < 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context. To remediate this issue, users should upgrade to version 1.3.9.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 3.0%

CVSS Severity

CVSS v3 Score 5.5

References

Products affected by CVE-2026-4270

Amazon » Aws Api Mcp Server » Version: 0.2.14

cpe:2.3:a:amazon:aws_api_mcp_server:0.2.14
Amazon » Aws Api Mcp Server » Version: 0.3.0

cpe:2.3:a:amazon:aws_api_mcp_server:0.3.0
Amazon » Aws Api Mcp Server » Version: 0.3.1

cpe:2.3:a:amazon:aws_api_mcp_server:0.3.1
Amazon » Aws Api Mcp Server » Version: 0.3.2

cpe:2.3:a:amazon:aws_api_mcp_server:0.3.2
Amazon » Aws Api Mcp Server » Version: 0.3.3

cpe:2.3:a:amazon:aws_api_mcp_server:0.3.3
Amazon » Aws Api Mcp Server » Version: 0.3.4

cpe:2.3:a:amazon:aws_api_mcp_server:0.3.4
Amazon » Aws Api Mcp Server » Version: 1.0.0

cpe:2.3:a:amazon:aws_api_mcp_server:1.0.0
Amazon » Aws Api Mcp Server » Version: 1.0.1

cpe:2.3:a:amazon:aws_api_mcp_server:1.0.1
Amazon » Aws Api Mcp Server » Version: 1.0.2

cpe:2.3:a:amazon:aws_api_mcp_server:1.0.2
Amazon » Aws Api Mcp Server » Version: 1.1.0

cpe:2.3:a:amazon:aws_api_mcp_server:1.1.0
Amazon » Aws Api Mcp Server » Version: 1.1.1

cpe:2.3:a:amazon:aws_api_mcp_server:1.1.1
Amazon » Aws Api Mcp Server » Version: 1.1.2

cpe:2.3:a:amazon:aws_api_mcp_server:1.1.2
Amazon » Aws Api Mcp Server » Version: 1.1.3

cpe:2.3:a:amazon:aws_api_mcp_server:1.1.3
Amazon » Aws Api Mcp Server » Version: 1.1.4

cpe:2.3:a:amazon:aws_api_mcp_server:1.1.4
Amazon » Aws Api Mcp Server » Version: 1.1.5

cpe:2.3:a:amazon:aws_api_mcp_server:1.1.5
Amazon » Aws Api Mcp Server » Version: 1.1.6

cpe:2.3:a:amazon:aws_api_mcp_server:1.1.6
Amazon » Aws Api Mcp Server » Version: 1.1.7

cpe:2.3:a:amazon:aws_api_mcp_server:1.1.7
Amazon » Aws Api Mcp Server » Version: 1.1.8

cpe:2.3:a:amazon:aws_api_mcp_server:1.1.8
Amazon » Aws Api Mcp Server » Version: 1.2.0

cpe:2.3:a:amazon:aws_api_mcp_server:1.2.0
Amazon » Aws Api Mcp Server » Version: 1.2.1

cpe:2.3:a:amazon:aws_api_mcp_server:1.2.1
Amazon » Aws Api Mcp Server » Version: 1.2.2

cpe:2.3:a:amazon:aws_api_mcp_server:1.2.2
Amazon » Aws Api Mcp Server » Version: 1.2.3

cpe:2.3:a:amazon:aws_api_mcp_server:1.2.3
Amazon » Aws Api Mcp Server » Version: 1.3.0

cpe:2.3:a:amazon:aws_api_mcp_server:1.3.0
Amazon » Aws Api Mcp Server » Version: 1.3.1

cpe:2.3:a:amazon:aws_api_mcp_server:1.3.1
Amazon » Aws Api Mcp Server » Version: 1.3.2

cpe:2.3:a:amazon:aws_api_mcp_server:1.3.2
Amazon » Aws Api Mcp Server » Version: 1.3.3

cpe:2.3:a:amazon:aws_api_mcp_server:1.3.3
Amazon » Aws Api Mcp Server » Version: 1.3.4

cpe:2.3:a:amazon:aws_api_mcp_server:1.3.4
Amazon » Aws Api Mcp Server » Version: 1.3.5

cpe:2.3:a:amazon:aws_api_mcp_server:1.3.5
Amazon » Aws Api Mcp Server » Version: 1.3.6

cpe:2.3:a:amazon:aws_api_mcp_server:1.3.6
Amazon » Aws Api Mcp Server » Version: 1.3.7

cpe:2.3:a:amazon:aws_api_mcp_server:1.3.7
Amazon » Aws Api Mcp Server » Version: 1.3.8

cpe:2.3:a:amazon:aws_api_mcp_server:1.3.8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-4270

Products

Pricing

Contact Us