AWS HealthOmics is a HIPAA-eligible service that fully manages the compute, storage, and workflow engine infrastructure required to run bioinformatics analyses at scale for clinical diagnostics, drug discovery, and agricultural research.
Improper limitation of a pathname to a restricted directory in the linting tools of the AWS HealthOmics MCP Server (aws-healthomics-mcp-server) before version 0.0.36 might allow an actor who can influence the MCP agent to write an actor-controlled content to arbitrary locations outside the intended workflow bundle directory, via directory traversal sequences in the workflow_files input.
To remediate this issue, users should upgrade to version 0.0.36 or later.
Metrics
Affected Vendors & Products
References
History
Fri, 17 Jul 2026 20:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | AWS HealthOmics is a HIPAA-eligible service that fully manages the compute, storage, and workflow engine infrastructure required to run bioinformatics analyses at scale for clinical diagnostics, drug discovery, and agricultural research. Improper limitation of a pathname to a restricted directory in the linting tools of the AWS HealthOmics MCP Server (aws-healthomics-mcp-server) before version 0.0.36 might allow an actor who can influence the MCP agent to write an actor-controlled content to arbitrary locations outside the intended workflow bundle directory, via directory traversal sequences in the workflow_files input. To remediate this issue, users should upgrade to version 0.0.36 or later. | |
| Title | Path traversal and arbitrary file write in the workflow linters of aws-healthomics-mcp-server | |
| First Time appeared |
Aws
Aws aws-healthomics-mcp-server |
|
| Weaknesses | CWE-23 | |
| CPEs | cpe:2.3:a:aws:aws-healthomics-mcp-server:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Aws
Aws aws-healthomics-mcp-server |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: AMZN
Published:
Updated: 2026-07-17T19:40:37.036Z
Reserved: 2026-07-10T14:44:01.436Z
Link: CVE-2026-15415
No data.
No data.
No data.
OpenCVE Enrichment
No data.