CVE-2026-15643
CVE-2026-15643 concerns AWS HealthLake MCP Server (awslabs.healthlake-mcp-server) prior to 0.0.14. A server-side request forgery in the pagination handling component can be exploited by a remote authenticated user to exfiltrate AWS temporary security credentials to an attacker-controlled endpoint...