Directory Traversal Vulnerability in AWS HealthOmics MCP Server by Amazon
CVE-2026-15415

6.8MEDIUM

Key Information:

Vendor

Aws

Vendor
CVE Published:
17 July 2026

What is CVE-2026-15415?

The AWS HealthOmics MCP Server, a service designed for scalable bioinformatics analyses, is affected by a directory traversal vulnerability. The improper limitation of a pathname allows an attacker capable of influencing the MCP agent to craft input that enables writing to arbitrary locations outside the designated workflow bundle directory. This can compromise the integrity of the system by permitting unauthorized access to sensitive data. Users are advised to upgrade to version 0.0.36 or later to mitigate this issue.

Affected Version(s)

aws-healthomics-mcp-server 0 < 0.0.36

References

CVSS V4

Score:
6.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.