CVE-2026-4270: CVE-2026-4270: Local File Access Restriction Bypass in AWS API MCP Server

#security #cve #cybersecurity

CVE-2026-4270: Local File Access Restriction Bypass in AWS API MCP Server

Vulnerability ID: CVE-2026-4270
CVSS Score: 5.5
Published: 2026-03-17

CVE-2026-4270 is a medium-severity vulnerability in the AWS API MCP Server (awslabs.aws-api-mcp-server) that allows attackers to bypass local file system restrictions. Due to improper protection of alternate paths, an attacker can read arbitrary local files within the context of the Model Context Protocol (MCP) client application.

TL;DR

A path traversal vulnerability in the AWS API MCP Server allows attackers to bypass workdir restrictions and read arbitrary local files. Upgrading to version 1.3.9 remediates the issue.

Technical Details

CWE ID: CWE-424
Attack Vector: Local
CVSS Base Score: 5.5
EPSS Percentile: 1.76%
Impact: High Confidentiality (Arbitrary File Read)
Exploit Status: Unexploited / No Public PoC
CISA KEV: Not Listed

Affected Systems

AWS API MCP Server
Claude Desktop (when configured with the vulnerable MCP server)
Custom AI applications utilizing Model Context Protocol with the AWS server implementation
awslabs.aws-api-mcp-server: 0.2.14 <= Version < 1.3.9 (Fixed in: 1.3.9)

Mitigation Strategies

Upgrade to awslabs.aws-api-mcp-server version 1.3.9 or later
Run MCP clients in isolated environments such as containers or virtual machines
Enforce the Principle of Least Privilege for the user executing the MCP client application

Remediation Steps:

Identify installed versions using the command pip show awslabs.aws-api-mcp-server
Upgrade the vulnerable package using the command pip install --upgrade awslabs.aws-api-mcp-server
Restart any running instances of the MCP client or associated AI assistants to load the patched dependency
Audit logs for anomalous file access patterns outside the designated workdir