CVE Watch

Diagram of AWS MCP LFI attack reading /etc/passwd via CLI shorthand syntax

AWS MCP Server's LFI Flaw: Authenticated Users Reading /etc/passwd via CLI Tricks

An authenticated user just needed a clever CLI shortcut to peek at AWS server files. Varonis's find in the Remote MCP Server rips open a hole even 'NO_ACCESS' couldn't plug.

3 min read 3 hours ago

#LFI CVE

AWS MCP Server's LFI Flaw: Authenticated Users Reading /etc/passwd via CLI Tricks

Stay in the loop