{"data":{"id":"4b3eff19-540b-44e1-94d9-5721f5a062f6","title":"CVE-2026-4270 - AWS API MCP File Access Restriction Bypass","summary":"A vulnerability (CVE-2026-4270) exists in AWS API MCP Server versions 0.2.14 through 1.3.8, which is software that lets AI assistants interact with AWS services. The bug allows attackers to bypass file access restrictions (the security controls that limit which files an AI can read) and potentially read any file on the system, even when those restrictions are supposed to be enabled.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://aws.amazon.com/security/security-bulletins/rss/2026-007-aws/","publishedAt":"2026-03-16T16:31:30.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Amazon"],"affectedVendorsRaw":["AWS","AWS API MCP Server"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-03-16T16:31:30.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}