Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs

Home / Tech / Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs

Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs

June 26, 2026 dirk 0 Comments 3 tags

Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs

A high-severity flaw in Amazon Q Developer let a malicious repository run commands and steal a developer’s cloud credentials. The path was short: a developer opens the repo, trusts the workspace, and Amazon Q does the rest. Amazon has patched it.

Tracked as CVE-2026-12957 (CVSS 8.5), the bug sat in how Amazon’s AI coding assistant handled Model Context Protocol (MCP) servers.

Wiz

Source: The Hacker News

Explore More

CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation

CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting LiteSpeed cPanel Plugin to its

ThreatsDay Bulletin: Smart TV Proxyware, 24-Year curl Bug, AI Crime Forums + 13 More Stories

ThreatsDay Bulletin: Smart TV Proxyware, 24-Year curl Bug, AI Crime Forums + 13 More Stories It’s dumb out there again. This week has the usual smell of prod on fire

ThreatsDay Bulletin: Smart TV Proxyware, 24-Year curl Bug, AI Crime Forums + 13 More Stories

ThreatsDay Bulletin: Smart TV Proxyware, 24-Year curl Bug, AI Crime Forums + 13 More Stories It’s dumb out there again. This week has the usual smell of prod on fire