Last updated: July 5, 2026 at 9:01 AM UTC
All 557 Vulnerability 199 Breach 106 Threat 245 Defense 7
Tag: amazon-q (1 article)Clear

Amazon Q Developer flaw let a malicious repo steal a developer's cloud keys

Wiz Research found a high-severity flaw in Amazon Q Developer, Amazon's AI coding assistant, that let a malicious code repository run commands and steal a developer's cloud credentials simply by being opened. The bug (CVE-2026-12957) lay in how Amazon Q handled Model Context Protocol servers: it read an MCP configuration file from the open workspace and automatically launched the servers it defined. Because those servers run as local processes that inherit the developer's full environment, a single config file committed to a repo could reach AWS keys, cloud tokens, API secrets, and SSH agent sockets, turning a git clone into a full compromise. Amazon has patched the issue and published an advisory.

Check
Confirm Amazon Q Developer is updated to the patched version, and review whether developers open untrusted repositories in AI coding assistants that can auto-launch Model Context Protocol servers from in-repo configuration files.
Affected
Developers using vulnerable versions of Amazon Q Developer (CVE-2026-12957) who open untrusted repositories; a malicious MCP configuration file could run commands and steal cloud credentials from the developer's environment.
Fix
Update Amazon Q Developer, treat opening a repository in an AI assistant as running its code, disable automatic MCP server launching where possible, and isolate untrusted repos without real credentials.