CVE-2026-4270 - AWS API MCP File Access Restriction Bypass

Api Mcp ยท 2026-06-05

Actions

Rate this issue

Technical Details

Affected Versions 0.2.14, 1.3.9
Regions all
CVE IDs CVE-2026-4270
Migration Required Yes
Cost Impact Neutral
IaC Impact High

What This Means

For DevOps Teams

Update the AWS API MCP Server to version 1.3.9 to address the file access restriction bypass vulnerability (CVE-2026-4270) and ensure the security of your AWS infrastructure.

For Platform Teams

Deploy the latest version of the AWS API MCP Server (1.3.9) to resolve the file access restriction bypass issue and maintain the security and integrity of your AWS environment.

For Executives

Implement the upgrade to awslabs.aws-api-mcp-server version 1.3.9 to mitigate the risk of unauthorized file access and protect sensitive data within your AWS infrastructure.

Source

View original AWS announcement โ†’

Weekly AWS Digest in Your Inbox

No spam, no headlines. Just a weekly summary of the 3โ€“7 AWS changes that matter for DevOps and Platform teams.

๐Ÿ“ง Exactly 1 email per week โ€ข Every Tuesday โ€ข Unsubscribe anytime

Today: AWS only. Coming next: Azure and other major clouds.