URL has been copied successfully!
Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs
URL has been copied successfully!

Collecting Cyber-News from over 60 sources

Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs


Tags: , , , ,

A high-severity flaw in Amazon Q Developer let a malicious repository run commands and steal a developer’s cloud credentials. The path was short: a developer opens the repo, trusts the workspace, and Amazon Q does the rest. Amazon has patched it.Tracked as CVE-2026-12957 (CVSS 8.5), the bug sat in how Amazon’s AI coding assistant handled Model Context Protocol (MCP) servers.Wiz

First seen on thehackernews.com

Jump to article: thehackernews.com/2026/06/amazon-q-developer-flaw-could-let.html

Loading

Share via Email
Share on Facebook
Tweet on X (Twitter)
Share on Whatsapp
Share on LinkedIn
Share on Xing
Copy link

also interesting:

  1. Top 12 ways hackers broke into your systems in 2024
  2. Wiz’s Security GraphDB vs. DeepTempo’s LogLM
  3. Cybersecurity Snapshot: Global Agencies Target Criminal “Bulletproof” Hosts, as CSA Unveils Agentic AI Risk Framework
  4. FAQ on CVE-2026-21514: OLE bypass N-Day in Microsoft Word