Description
Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions >= 0.2.14 and < 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context.

To remediate this issue, users should upgrade to version 1.3.9.
Published: 2026-03-16
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Local File Disclosure
Action: Patch
AI Analysis

Impact

The vulnerability is an improper protection of alternate path in the no‑access and workdir features of the AWS API MCP Server, identified as CWE‑424. It allows a bypass of intended file access restrictions, exposing arbitrary local file contents to the MCP client application context. The CVSS score of 6.8 indicates a moderate severity with a primary impact on confidentiality.

Affected Systems

Affected systems are AWS API MCP Server versions that are greater than or equal to 0.2.14 and less than 1.3.9, available on all platforms. The product is provided by Amazon Web Services.

Risk and Exploitability

The moderate CVSS score and lack of an EPSS rating mean the risk level is uncertain but significant if exploited. The vulnerability is not listed in the CISA KEV catalog. Exploitation appears to require some form of client interaction or local access to the MCP client application, as no explicit remote exploitation vector is documented. Attackers could leverage the path bypass to read sensitive local files if they have sufficient access to the MCP client context.

Generated by OpenCVE AI on March 17, 2026 at 12:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch by upgrading AWS API MCP Server to version 1.3.9
  • Verify that the upgrade has been applied and no older versions remain deployed

Generated by OpenCVE AI on March 17, 2026 at 12:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-2cpp-j2fc-qhp7 AWS API MCP File Access Restriction Bypass
History

Tue, 17 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Aws
Aws aws Api Mcp Server
Vendors & Products Aws
Aws aws Api Mcp Server

Mon, 16 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 16:30:00 +0000

Type Values Removed Values Added
Description Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions >= 0.2.14 and < 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context. To remediate this issue, users should upgrade to version 1.3.9.
Title AWS API MCP File Access Restriction Bypass
Weaknesses CWE-424
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Aws Aws Api Mcp Server
cve-icon MITRE

Status: PUBLISHED

Assigner: AMZN

Published:

Updated: 2026-03-16T18:17:17.927Z

Reserved: 2026-03-16T14:28:58.998Z

Link: CVE-2026-4270

cve-icon Vulnrichment

Updated: 2026-03-16T18:17:12.656Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-16T17:16:32.270

Modified: 2026-03-17T14:20:01.670

Link: CVE-2026-4270

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-24T10:50:17Z

Weaknesses