
awslabs/mcp

v2026.05.20260520203119 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 14d MCP SaaS Integrations
✓ No known CVEs patched
This release patches 1 known CVE

Topics

aws mcp mcp-client mcp-clients mcp-host mcp-server mcp-servers mcp-tools modelcontextprotocol

Affected surfaces

rce_ssrf

ReleasePort's take

Light signal
editorial:auto 14d

awslabs/mcp 2026.05.20260520203119 patches a path traversal vulnerability in S3 downloads (aws-transform-mcp-server), upgrades AWS CLI to v1.45.10, and adds a queries parameter to CloudWatch's get_metric_data.

Why it matters: Apply the path traversal security patch immediately. Upgrade AWS CLI to v1.45.10. The CloudWatch queries parameter enables advanced metric filtering; test it in dev before rolling out.

Summary

AI summary

Updates 2026.05.20260520203119, aws-api-mcp-server, and cloudwatch across a mixed release.

Changes in this release

Feature Medium

extend get_metric_data with queries parameter


Source: granite4.1:8b-q6_K@2026-05-21

Confidence: high

Dependency Medium

upgrade AWS CLI to v1.45.10


Source: granite4.1:8b-q6_K@2026-05-21

Confidence: low

Bugfix Medium

prevent path traversal in download_s3_…


Source: granite4.1:8b-q6_K@2026-05-21

Confidence: low

Full changelog

2026.05.20260520203119

What's Changed

  • chore(aws-api-mcp-server): upgrade AWS CLI to v1.45.10 by @awslabs-mcp in https://github.com/awslabs/mcp/pull/3544
  • chore(aws-api-mcp-server): upgrade AWS CLI to v1.45.11 by @awslabs-mcp in https://github.com/awslabs/mcp/pull/3603
  • feat(cloudwatch): extend get_metric_data with queries parameter by @bnronron in https://github.com/awslabs/mcp/pull/3358
  • fix(aws-transform-mcp-server): prevent path traversal in download_s3_… by @occhangg in https://github.com/awslabs/mcp/pull/3604
  • chore: release/2026.05.20260520203119 by @awslabs-mcp in https://github.com/awslabs/mcp/pull/3606

New Contributors

  • @bnronron made their first contribution in https://github.com/awslabs/mcp/pull/3358

Full Changelog: https://github.com/awslabs/mcp/compare/2026.05.20260518145256...2026.05.20260520203119

Security Fixes

  • Fixed path traversal vulnerability in download_s3_… function of aws-transform-mcp-server


About awslabs/mcp

Official MCP Servers for AWS
