GHSA-2cpp-j2fc-qhp7

Source

https://github.com/advisories/GHSA-2cpp-j2fc-qhp7

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-2cpp-j2fc-qhp7/GHSA-2cpp-j2fc-qhp7.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-2cpp-j2fc-qhp7

Aliases

CVE-2026-4270

Published

2026-03-17T20:33:15Z

Modified

2026-03-17T20:46:20.187770Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
6.8 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator

Summary

AWS API MCP File Access Restriction Bypass

Details

Description

The AWS API MCP Server is an open source Model Context Protocol (MCP) server that enables AI assistants to interact with AWS services and resources through AWS CLI commands. It provides programmatic access to manage your AWS infrastructure while maintaining proper security controls.

This server acts as a bridge between AI assistants and AWS services, allowing you to create, update, and manage AWS resources across all available services. The server includes a configurable file access feature that controls how AWS CLI commands interact with the local file system. By default, file operations are restricted to a designated working directory (workdir), but this can be configured to allow unrestricted file system access (unrestricted) or to block all local file path arguments entirely (no-access).

Description: Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions >= 0.2.14 and < 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context.

To remediate this issue, users should upgrade to version 1.3.9.

Database specific

{
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-17T20:33:15Z",
    "severity": "MODERATE",
    "nvd_published_at": "2026-03-16T17:16:32Z",
    "cwe_ids": [
        "CWE-424"
    ]
}

References

Affected packages

PyPI / awslabs-aws-api-mcp-server

Package

Name: awslabs-aws-api-mcp-server; View open source insights on deps.dev
Purl: pkg:pypi/awslabs-aws-api-mcp-server

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0.2.14

Fixed

1.3.9

Affected versions

0.*

0.2.14

0.3.0

0.3.1

0.3.2

0.3.3

0.3.4

1.*

1.0.0

1.0.1

1.0.2

1.1.0

1.1.1

1.1.2

1.1.3

1.1.4

1.1.5

1.1.6

1.1.7

1.1.8

1.2.0

1.2.1

1.2.2

1.2.3

1.3.0

1.3.1

1.3.2

1.3.3

1.3.4

1.3.5

1.3.6

1.3.7

1.3.8

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-2cpp-j2fc-qhp7/GHSA-2cpp-j2fc-qhp7.json"