CVE-2026-5058 - Vulnerability Details

- aws-mcp-server Command Injection Remote Code Execution Vulnerability

Description

aws-mcp-server Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the handling of the allowed commands list. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the MCP server. Was ZDI-CAN-27968.

Published: 2026-04-11

Score: 9.8 Critical

EPSS: 1.7% Low

KEV: No

Impact:

Action:

Analysis

Impact

The aws-mcp-server service has a command injection flaw that allows an unauthenticated attacker to supply an unvalidated command string which is executed directly by the server. This vulnerability corresponds to CWE‑78 (OS Command Injection) and can lead to arbitrary code execution with the privileges of the MCP server process, potentially compromising the entire environment. The public advisory reports the flaw as critical with a CVSS score of 9.8.

Affected Systems

The affected product is AWS MCP Server. The advisory does not list any specific version range, so the flaw may affect all existing installations of the service until a vendor‑issued update is released. Administrators should review their installed versions against vendor documentation.

Risk and Exploitability

The risk is high because no authentication is required and the flaw can be triggered from a network‑facing interface. The exact attack vector is not detailed in the advisory, so we infer that it involves a vulnerable endpoint that receives command strings. The EPSS score is not available, and the vulnerability is not in the KEV catalog, but the CVSS score of 9.8 indicates a critical severity. The potential impact includes full compromise of the server and the systems it manages.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

aws-mcp-server

unknown

Version	Status	Constraints
`1.3.0`	affected	—

No data.

Vendor Product Confidence Versions

Aws

Aws-mcp-server

100%

Version	Status	Scheme	Platform
`1.3.0`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the vendor‑issued patch or upgrade to the latest version of AWS MCP Server as soon as it becomes available.
Until a patch is available, restrict access to the MCP Server endpoints by firewall rules or network segmentation to block unauthenticated traffic.
If possible, disable the command‑execution feature or enforce strict input validation on any parameters that are passed to system calls.
Monitor system logs for unexpected command executions and investigate suspicious activity promptly.
Keep the service updated by regularly checking the vendor’s security advisories or the official AWS MCP Server release notes.

Generated by OpenCVE AI on April 11, 2026 at 02:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.01715.

Exploitation none

Automatable yes

Technical Impact total

References

Link	Providers
https://www.zerodayinitiative.com/advisories/ZDI-26-246/

History

Mon, 13 Apr 2026 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 13 Apr 2026 13:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Aws Aws aws-mcp-server
Vendors & Products		Aws Aws aws-mcp-server

Sat, 11 Apr 2026 01:00:00 +0000

Type	Values Removed	Values Added
Description		aws-mcp-server Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the allowed commands list. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the MCP server. Was ZDI-CAN-27968.
Title		aws-mcp-server Command Injection Remote Code Execution Vulnerability
Weaknesses		CWE-78
References		https://www.zerodayinitiative.com/advisories/ZDI-26-246/
Metrics		cvssV3_0 `{'score': 9.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Subscriptions

Aws Aws-mcp-server

MITRE

Status: PUBLISHED

Assigner: zdi

Published: 2026-04-11T00:14:52.192Z

Updated: 2026-04-13T17:32:02.375Z

Reserved: 2026-03-27T18:09:58.198Z

Link: CVE-2026-5058

Vulnrichment

Updated: 2026-04-13T17:31:58.717Z

NVD

Status : Awaiting Analysis

Published: 2026-04-11T01:16:18.157

Modified: 2026-04-13T15:01:43.663

Link: CVE-2026-5058

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T12:57:04Z

Weaknesses

CWE-78

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object