CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-4270

unknowncovered by 1 sourcefirst seen 2026-06-05
Bulletin ID: 2026-007-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/03/16 09:15 AM PDT Description: The AWS API MCP Server is an open source Model Context Protocol (MCP) server that enables AI assistants to interact with AWS services and resources through AWS CLI commands. It provides programmatic access to manage your AWS infrastructure while maintaining proper security controls. This server acts as a bridge between AI assistants and AWS services, allowing you to create, update, and manage AWS resources across all available services. The server includes a configurable file access feature that controls how AWS CLI commands interact with the local file system. By default, file operations are restricted to a designated working directory (workdir), but this can be configured to allow unrestricted file system access (unrestricted) or to block all local file path arguments entirely (no-access). We identified CVE-2026-4270: Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions >= 0.2.14 and < 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context. Impacted versions: awslabs.aws-api-mcp-server >= 0.2.14, < 1.3.9 Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.

CSIRTS triage

What
A file access restriction bypass could allow unrestricted file system access.
Who is affected
Users of the AWS API MCP Server.
Urgency
Remediation is important to maintain proper security controls.
Action
Review and configure file access settings appropriately.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-4270

Get an email if CVE-2026-4270 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-4270

CVE.org record

Embed the live status

CVE-2026-4270 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-4270 status](https://www.csirts.com/badge/CVE-2026-4270)](https://www.csirts.com/cve/CVE-2026-4270)