A high-severity flaw in Amazon Q Developer permitted malicious repositories to execute code and steal developer credentials. The issue stemmed from the way Amazon's AI coding assistant handled Model Context Protocol servers, which has now been patched by Amazon.
Amazon Q Developer had a significant flaw allowing attackers to leverage malicious repositories. By opening a repository and trusting the workspace, a developer could inadvertently execute code as the system's active user.
The vulnerability involved the reading of a specific MCP configuration file, .amazonq/mcp.json. Once loaded, Amazon Q would initiate defined MCP servers that could access sensitive credentials, enabling the execution of malicious commands on the developer's cloud session without further authentication.
Wiz Research demonstrated the exploit by making the malicious file execute a command to retrieve AWS session information. Depending on cloud permissions, this could allow an attacker to alter infrastructure or service access, posing serious security risks.
Amazon has addressed the vulnerability with a patch that requires developers to confirm untrusted MCP servers before executing commands. Users are urged to upgrade to Language Servers for AWS version 1.69.0 to ensure they are protected against this flaw and a related issue.
Developers using Amazon Q should update to the patched versions of Language Servers for AWS and relevant IDE plugins as soon as possible. The update addresses CVE-2026-12957 and also resolves an additional vulnerability identified as CVE-2026-12958.
β¨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β check the original sources. How BrevFeed works β
A high-severity flaw in Amazon Q Developer permitted malicious repositories to execute code and steal developer credentials. The issue stemmed from the way Amazon's AI coding assistant handled Model Context Protocol servers, which has now been patched by Amazon.