Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs

A high-severity flaw in Amazon Q Developer let a malicious repository run commands and steal a developer’s cloud credentials. The path was short: a developer opens the repo, trusts the workspace, and Amazon Q does the rest. Amazon has patched it.

Tracked as CVE-2026-12957 (CVSS 8.5), the bug sat in how Amazon’s AI coding assistant handled Model Context Protocol (MCP) servers.

Wiz

Source: The Hacker News
