National Cyber Warfare Foundation (NCWF)

Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs


0 user ratings
2026-06-26 14:25:04
milo
Developers
A high-severity flaw in Amazon Q Developer let a malicious repository run commands and steal a developer's cloud credentials. The path was short: a developer opens the repo, trusts the workspace, and Amazon Q does the rest. Amazon has patched it.

Tracked as CVE-2026-12957 (CVSS 8.5), the bug sat in how Amazon's AI coding assistant handled Model Context Protocol (MCP) servers.

Wiz



Source: TheHackerNews
Source Link: https://thehackernews.com/2026/06/amazon-q-developer-flaw-could-let.html


Comments
new comment
Nobody has commented yet. Will you be the first?
 
Forum
Developers



Copyright 2012 through 2026 - National Cyber Warfare Foundation - All rights reserved worldwide.