Technical description
Critical command injection vulnerability in aws-mcp-server allowing unauthenticated remote code execution via improper validation of user-supplied strings used in system calls. CVSS 9.8.
Attack vector
Unauthenticated remote exploitation via command injection through the server's handling of its allowed commands list. No authentication or specialised tooling is required.
Affected systems
aws-mcp-server and any agentic AI system using it as an MCP endpoint for AWS CLI operations.
Mitigation
Patch immediately. Restrict network access to MCP server instances. Implement input validation on all user-supplied strings before system calls. Audit MCP server configurations for exposed endpoints.
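The input-validation step above, sketched as an added example (not code from aws-mcp-server or from this advisory): user input is tokenised, checked against an allowlist per token, and executed as an argument list with no shell. The allowlist contents, the argument character set and the names `build_argv`, `run_vetted` and `weak_prefix_check` are assumptions made for illustration.

```python
import re
import shlex
import subprocess

# Hypothetical allowlist for this example: AWS CLI service -> permitted operations.
ALLOWED = {"s3": {"ls"}, "ec2": {"describe-instances"}, "sts": {"get-caller-identity"}}
# Conservative per-argument character set (an assumption; widen per operation if needed).
SAFE_ARG = re.compile(r"[A-Za-z0-9_./:=@,+-]+")


class RejectedCommand(ValueError):
    """Raised when user input does not map to an allowlisted AWS CLI call."""


def weak_prefix_check(user_command: str) -> bool:
    """Contrast case: a string-prefix test passes input with trailing shell syntax."""
    return any(user_command.startswith(f"aws {svc} {op}")
               for svc, ops in ALLOWED.items() for op in ops)


def build_argv(user_command: str) -> list[str]:
    """Parse a user-supplied string into a vetted argv list or raise RejectedCommand."""
    try:
        argv = shlex.split(user_command)  # tokenise only; nothing is executed
    except ValueError as exc:  # e.g. unbalanced quotes
        raise RejectedCommand(f"unparseable input: {exc}") from exc
    if len(argv) < 3 or argv[0] != "aws":
        raise RejectedCommand("expected: aws <service> <operation> [args]")
    service, operation = argv[1], argv[2]
    if operation not in ALLOWED.get(service, set()):
        raise RejectedCommand(f"not allowlisted: {service} {operation}")
    for arg in argv[3:]:
        if not SAFE_ARG.fullmatch(arg):
            raise RejectedCommand(f"disallowed characters in argument: {arg!r}")
    return argv


def run_vetted(user_command: str, runner=subprocess.run):
    """Execute only a vetted argv list, with no shell between input and the process."""
    argv = build_argv(user_command)
    return runner(argv, shell=False, capture_output=True, text=True, timeout=30)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    for sample in ("aws s3 ls s3://example-bucket", "aws s3 ls; id", "aws iam list-users"):
        try:
            print("accepted:", build_argv(sample))
        except RejectedCommand as err:
            print("rejected:", sample, "->", err)
```

The prefix check is included only to show why matching on the raw string is insufficient: it accepts the second sample, while the token-level check rejects it because `ls;` is not an allowlisted operation.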