PatchSiren cyber security CVE debrief

CVE-2026-4270 AWS CVE debrief

CVE-2026-4270 is a medium-severity vulnerability in AWS API MCP Server where improper protection of an alternate path in the no-access and workdir feature can bypass intended file access restrictions. In affected versions, this may expose arbitrary local file contents in the MCP client application context. AWS and NVD both point users to version 1.3.9 as the remediation.

Vendor: AWS
Product: AWS API MCP Server
CVSS: MEDIUM 6.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-03-16
Original CVE updated: 2026-05-21
Advisory published: 2026-03-16
Advisory updated: 2026-05-21

Who should care

Administrators, developers, and security teams running AWS API MCP Server versions 0.2.14 through 1.3.8, especially where the MCP client is used to handle sensitive local files or relies on the no-access/workdir restrictions.

Technical summary

NVD classifies the issue under CWE-424 (Improper Protection of Alternate Path), affecting the CPE product amazon:aws_api_mcp_server on all platforms. The vulnerable range is versions >= 0.2.14 and < 1.3.9. The flaw is described as improper protection of an alternate path in the no-access and workdir feature, which allows the intended file access controls to be bypassed and may expose arbitrary local file contents within the client application context.

Defensive priority

Medium. Prioritize quickly if the server is deployed with sensitive local files or if the MCP client operates under the assumption that no-access/workdir restrictions are strong isolation controls. Upgrade to 1.3.9 as soon as practical.

Recommended defensive actions

  • Upgrade AWS API MCP Server to version 1.3.9 or later.
  • Confirm deployed versions are outside the affected range (0.2.14 through 1.3.8).
  • Review any workflows that rely on no-access or workdir restrictions for local file safety.
  • Limit exposure of sensitive local files in environments where the MCP client runs until patching is complete.
  • Use the vendor advisory and package release record to verify the fixed version before rollout.
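As an added example (not code from PatchSiren or from AWS), the version-range check behind the second bullet: it parses version strings, tests them against the affected range the advisory gives (>= 0.2.14 and < 1.3.9), and flags inventory hosts that still need the 1.3.9 upgrade. The inventory lines and host names are constructed.

```python
# Added example (not from the PatchSiren debrief or from AWS): flags versions of
# AWS API MCP Server inside the affected range stated in the advisory,
# >= 0.2.14 and < 1.3.9, over a fleet inventory of host,version lines.
import re

AFFECTED_MIN = (0, 2, 14)  # first affected version (inclusive)
FIXED = (1, 3, 9)          # first fixed version (exclusive upper bound)


def parse_version(text):
    """Turn '1.3.8' or '1.3.9rc1' into a comparable tuple of ints.
    A pre-release suffix (rc1, a1, ...) sorts before the final release of the
    same number, so 1.3.9rc1 still counts as unfixed."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([A-Za-z].*)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = tuple(int(x) for x in m.group(1, 2, 3))
    return nums + (0 if m.group(4) else 1,)  # 0 = pre-release, 1 = final


def is_affected(version_text):
    """True when the version lies in [0.2.14, 1.3.9), the NVD CPE range."""
    v = parse_version(version_text)
    return AFFECTED_MIN + (1,) <= v < FIXED + (1,)


def hosts_needing_upgrade(inventory_lines):
    """Return hosts from 'host,version' lines that still run an affected build."""
    needs = []
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comment lines
        host, version = (p.strip() for p in line.split(",", 1))
        if is_affected(version):
            needs.append(host)
    return needs


# Constructed sample inventory; the host names are not real.
SAMPLE_INVENTORY = """\
# host,installed version
mcp-dev-01,1.3.8
mcp-dev-02,1.3.9
mcp-ci-01,0.2.13
mcp-ci-02,0.2.14
mcp-lab-01,1.3.9rc1
"""

if __name__ == "__main__":
    print("needs upgrade:", hosts_needing_upgrade(SAMPLE_INVENTORY.splitlines()))
```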

Evidence notes

This debrief is based on the NVD record for CVE-2026-4270, which lists vulnStatus as Analyzed, references the AWS security bulletin and the PyPI 1.3.9 release page, and identifies the affected CPE range as versions >= 0.2.14 and < 1.3.9. The CVE was published on 2026-03-16 and last modified on 2026-05-21.

Official resources

Published in the CVE record on 2026-03-16, with an NVD modification on 2026-05-21. Vendor remediation guidance points to AWS API MCP Server 1.3.9.