CVE-2026-5059— aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability

aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability

aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the allowed commands list. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the MCP server. Was ZDI-CAN-27969.

N/A

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

aws-mcp-server 操作系统命令注入漏洞

aws-mcp-server是Alexei Ledenev个人开发者的一个一种轻量级服务，使AI助手能够通过模型上下文协议（MCP）执行AWS CLI命令（在安全的容器化环境中）。 aws-mcp-server存在操作系统命令注入漏洞，该漏洞源于对允许的命令列表验证不足，可能导致远程代码执行。

N/A

N/A