Description
AWS HealthLake MCP Server (awslabs.healthlake-mcp-server) is a Model Context Protocol server that enables AI assistants to interact with AWS HealthLake FHIR datastores. A server-side request forgery in the pagination handling component in AWS awslabs.healthlake-mcp-server before 0.0.14 on all platforms might allow a remote authenticated user to exfiltrate AWS temporary security credentials to an arbitrary endpoint via a crafted next_token parameter. The server does not validate that pagination URLs point back to the expected HealthLake endpoint, allowing an actor to redirect subsequent requests to an actor-controlled server. Its recommended to upgrade to version 0.0.14 or later.
Problem types
CWE-918 Server-Side request forgery (SSRF)
Product status
Any version before 0.0.14
References
pypi.org/project/awslabs.healthlake-mcp-server/0.0.14/
aws.amazon.com/security/security-bulletins/2026-054-aws/