AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

GHSA-2cpp-j2fc-qhp7: AWS API MCP File Access Restriction Bypass

mediumvulnerability

security

Source: GitHub Advisory DatabaseMarch 17, 2026CVE-2026-4270

Summary

The AWS API MCP Server (a tool that lets AI assistants interact with AWS services) has a vulnerability in versions 0.2.14 through 1.3.8 where attackers can bypass file access restrictions and read files they shouldn't be able to access, even when the server is configured to block file operations or limit them to a specific directory.

Solution / Mitigation

Upgrade to version 1.3.9 or later.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 0.0%

Patch Available

Yes

Disclosure Date

March 17, 2026

Classification

Attack Type

Other

Attack SophisticationModerate

Impact (CIA+S)

confidentialityintegrity

Affected Vendors

Affected Packages

awslabs.aws-api-mcp-server@>= 0.2.14, < 1.3.9 (fixed: 1.3.9)

Related Issues

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

Similar attackNVD/CVE Database

critical

CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi

First tracked: March 17, 2026 at 04:55 PM

Classified by LLM (prompt v3) · confidence: 92%