AWS API MCP Server File Access Restriction Bypass Vulnerability

Vulnerability

A vulnerability exists in the AWS API MCP Server's file access management, specifically in versions 0.2.14 and 1.3.9. This vulnerability allows users to bypass intended file access restrictions, potentially exposing arbitrary local file contents within the context of the MCP client application. The issue arises from improper protection of alternate paths in the no-access and workdir features, which can be exploited to access files outside the designated working directory.
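The class of weakness described above (a working-directory restriction that can be sidestepped through an alternate path) is shown below as an added example; it is not the AWS API MCP Server's code and does not reproduce its actual flaw. The function names, file names and the temporary sandbox are assumptions constructed for illustration: a check on the un-normalized path string is compared with a check performed after canonicalization.

```python
import os
import tempfile


def naive_is_allowed(workdir: str, requested: str) -> bool:
    """Weak check (hypothetical): tests the un-normalized string prefix only."""
    return os.path.join(workdir, requested).startswith(workdir)


def resolve_inside(workdir: str, requested: str) -> str:
    """Hardened check (hypothetical): canonicalize first, then test containment.

    Returns the resolved path, or raises PermissionError when the target
    lies outside the working directory after '..' and symlinks are resolved.
    """
    root = os.path.realpath(workdir)
    target = os.path.realpath(os.path.join(root, requested))
    if os.path.commonpath([root, target]) != root:
        raise PermissionError(f"{requested!r} resolves outside the working directory")
    return target


def demo() -> dict:
    """Build a constructed sandbox and run both checks on three requests.

    Returns {request: (naive_allows, hardened_allows)}.
    """
    results = {}
    with tempfile.TemporaryDirectory() as base:
        workdir = os.path.join(base, "work")
        os.mkdir(workdir)
        with open(os.path.join(workdir, "report.txt"), "w") as f:
            f.write("ok")
        with open(os.path.join(base, "outside.txt"), "w") as f:
            f.write("private")
        # A link that lives inside the workdir but points outside it.
        os.symlink(os.path.join(base, "outside.txt"),
                   os.path.join(workdir, "link.txt"))
        for req in ("report.txt", "../outside.txt", "link.txt"):
            try:
                resolve_inside(workdir, req)
                hardened = True
            except PermissionError:
                hardened = False
            results[req] = (naive_is_allowed(workdir, req), hardened)
    return results


if __name__ == "__main__":
    for request, verdicts in demo().items():
        print(request, verdicts)
```

The path returned by the hardened check should be the one that is actually opened, so that the file checked and the file read are the same.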

Impact

Exploitation of this vulnerability can lead to unauthorized access to local files, bypassing the application's intended file access restrictions.

Remediation

Users are advised to upgrade to AWS API MCP Server version 1.3.9 or later. Instructions for upgrading are available on the AWS API MCP Server PyPI page.

Added: Mar 16, 2026, 5:19 PM
Updated: Mar 16, 2026, 5:19 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.8
exploitability: 6.6
remediation: 0.0
relevance: 4.0
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.