{"data":{"id":"06e7d907-eb9f-424f-9747-4cff2960575e","title":"GHSA-2cpp-j2fc-qhp7: AWS API MCP File Access Restriction Bypass","summary":"The AWS API MCP Server (a tool that lets AI assistants interact with AWS services) has a vulnerability in versions 0.2.14 through 1.3.8 that lets an attacker bypass the server's file access restrictions and read files those restrictions are meant to keep out of reach, even when the server is configured to block file operations or to limit them to a specific directory.","solution":"Upgrade awslabs.aws-api-mcp-server to version 1.3.9 or later.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-2cpp-j2fc-qhp7","publishedAt":"2026-03-17T20:33:15.000Z","cveId":"CVE-2026-4270","cweIds":null,"cvssScore":null,"cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":["awslabs.aws-api-mcp-server@>= 0.2.14, < 1.3.9 (fixed: 1.3.9)"],"affectedVendors":[],"affectedVendorsRaw":["AWS API MCP Server"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00013,"patchAvailable":true,"disclosureDate":"2026-03-17T20:33:15.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}