LeakyCreds
NewInstant webhook alerts now available ā€” notified within seconds of any credential detection.Learn more ā†’
Home / Vulnerability Intelligence / CVE-2026-5059

CVE-2026-5059 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: April 13, 2026

aws-mcp-server - Command Injection

Published: April 11, 2026Updated: April 13, 2026Remote Exploitable

Overview

aws-mcp-server contains a command injection caused by improper validation of user-supplied strings in the allowed commands list, letting remote attackers execute arbitrary code without authentication.

Severity & Score

Severity: Critical
CVSS Score: 9.8
EPSS Score: 101.3%(Probability of exploitation in next 30 days)

Impact

Remote attackers can execute arbitrary code on the server, potentially leading to full system compromise.

Mitigation

Update to the latest version of aws-mcp-server.

References

Social Media Activity(4 posts)

TheHackerWire
TheHackerWire
@thehackerwire
Apr 11, 2026

šŸ”“ CVE-2026-5059 - Critical (9.8) aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerab... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-5059/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Apr 11, 2026

šŸ”“ CVE-2026-5059 - Critical (9.8) aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerab... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-5059/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Apr 11, 2026

šŸ”“ CVE-2026-5059 - Critical (9.8) aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerab... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-5059/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Apr 11, 2026

šŸ”“ CVE-2026-5059 - Critical (9.8) aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerab... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-5059/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID
CVE-2026-5059
Severity
Critical
CVSS Score
9.8
Type
command_injection
Status
unconfirmed
EPSS
101.3%
Social Posts
4

CWE

  • CWE-78

CVSS Metrics

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

101.3%Probability of exploitation in the next 30 days