CVE-2026-4270 - AWS API MCP File Access Restriction Bypass
Summary
A vulnerability (CVE-2026-4270) exists in AWS API MCP Server, software that lets AI assistants interact with AWS services, in versions 0.2.14 through 1.3.8. The bug allows attackers to bypass file access restrictions (the security controls that limit which files an AI can read) and potentially read any file on the system, even when those restrictions are enabled.
Original source: https://aws.amazon.com/security/security-bulletins/rss/2026-007-aws/
First tracked: March 16, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 92%