Directory Traversal Vulnerability in AWS HealthOmics MCP Server by Amazon
CVE-2026-15415
6.8MEDIUM
What is CVE-2026-15415?
The AWS HealthOmics MCP Server, a service designed for scalable bioinformatics analyses, is affected by a directory traversal vulnerability. The improper limitation of a pathname allows an attacker capable of influencing the MCP agent to craft input that enables writing to arbitrary locations outside the designated workflow bundle directory. This can compromise the integrity of the system by permitting unauthorized access to sensitive data. Users are advised to upgrade to version 0.0.36 or later to mitigate this issue.
Affected Version(s)
aws-healthomics-mcp-server 0 < 0.0.36
