🟠 High | Source: AWS Security Bulletins
A server-side request forgery (SSRF) vulnerability in the AWS HealthLake MCP Server allows a remote authenticated attacker to redirect pagination requests to an attacker-controlled endpoint by supplying a crafted next_token parameter. Because the server passes AWS temporary security credentials along with these redirected requests, an attacker could exfiltrate those credentials and use them to access AWS services. All versions of the package prior to 0.0.14 are affected.
Security Architect’s Take: Immediately update awslabs.healthlake-mcp-server to version 0.0.14 or later, and audit IAM roles associated with any HealthLake MCP Server deployments for signs of credential misuse. Consider scoping the temporary credentials granted to this service to the minimum necessary HealthLake permissions to limit blast radius if credentials are compromised.
Original advisory: CVE-2026-15643 - AWS HealthLake MCP Server SSRF via Unvalidated Pagination URL