🟠 High | Source: The Hacker News
A high-severity vulnerability (CVE-2026-12957, CVSS 8.5) in Amazon Q Developer allowed a malicious code repository to execute arbitrary commands and steal AWS cloud credentials simply by being opened in the IDE. The flaw stemmed from how Amazon Q handled Model Context Protocol (MCP) server configurations, meaning a developer trusting a workspace was sufficient to trigger the attack. Amazon has issued a patch.
Security Architect’s Take: Ensure all developers update Amazon Q Developer to the latest patched version immediately, and review internal guidance on trusting third-party repositories in AI-assisted development environments. Consider auditing MCP server configurations across your development fleet and restrict automatic trust of workspaces in IDE security policies.
Original advisory: Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs