PT-2026-60846 · Aws · Aws-Healthomics-Mcp-Server

CVE-2026-15415

·

Publicado

2026-07-17

·

Atualizado

2026-07-17

CVSS v3.1

5.5

Média

VetorAV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
AWS HealthOmics is a HIPAA-eligible service that fully manages the compute, storage, and workflow engine infrastructure required to run bioinformatics analyses at scale for clinical diagnostics, drug discovery, and agricultural research.
Improper limitation of a pathname to a restricted directory in the linting tools of the AWS HealthOmics MCP Server (aws-healthomics-mcp-server) before version 0.0.36 might allow an actor who can influence the MCP agent to write an actor-controlled content to arbitrary locations outside the intended workflow bundle directory, via directory traversal sequences in the workflow files input.
To remediate this issue, users should upgrade to version 0.0.36 or later.

Correção

Relative Path Traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-15415

Produtos afetados

Aws-Healthomics-Mcp-Server