{"data":{"id":"cd842443-a4c8-4dbb-aaac-c3127023a946","title":"CVE-2026-15643 - AWS HealthLake MCP Server SSRF via Unvalidated Pagination URL","summary":"AWS HealthLake MCP Server (a tool that lets AI assistants access AWS health data) before version 0.0.14 has a security flaw where it doesn't check that pagination URLs (links used to load more results) point to the legitimate server. An authenticated attacker can exploit this by sending a crafted next_token parameter (a special value that tells the server what data to load next) to redirect requests to their own server and steal temporary AWS credentials (temporary access keys that grant permissions).","solution":"Update AWS HealthLake MCP Server to version 0.0.14 or later.","labels":["security"],"sourceUrl":"https://aws.amazon.com/security/security-bulletins/rss/2026-054-aws/","publishedAt":"2026-07-14T20:09:02.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Amazon"],"affectedVendorsRaw":["AWS","AWS HealthLake MCP Server"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-07-14T20:09:02.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}