Critical Alert 3 Active Exploits Detected Today

CVE-2026-58644 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability →
CVE-2026-25089 Fortinet FortiSandbox OS Command Injection Vulnerability →
CVE-2026-39808 Fortinet FortiSandbox OS Command Injection Vulnerability →
Powered by CVE Watchtower
×

CVE Watchtower


← Back to CVE List

CVE-2026-15415NVD

Vulnerability Summary

AWS HealthOmics is a HIPAA-eligible service that fully manages the compute, storage, and workflow engine infrastructure required to run bioinformatics analyses at scale for clinical diagnostics, drug discovery, and agricultural research.



Improper limitation of a pathname to a restricted directory in the linting tools of the AWS HealthOmics MCP Server (aws-healthomics-mcp-server) before version 0.0.36 might allow an actor who can influence the MCP agent to write an actor-controlled content to arbitrary locations outside the intended workflow bundle directory, via directory traversal sequences in the workflow_files input.




To remediate this issue, users should upgrade to version 0.0.36 or later.
Severity Level
MEDIUM(5.5)
Published Date
Jul 17, 2026
Last Modified
Jul 17, 2026
Exploitation Status
No confirmed exploitation yet
EPSS Score (30-Day)
Data Pending
Root Weakness (CWE)
N/A
CVSS v3.1 Base Metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityNone
IntegrityHigh
AvailabilityNone