logo

Amazon Q VS Code Flaw Lets Malicious Repositories Steal Cloud Credentials

ID: eb2788b9-6ee1-59b6-a460-bed515f19eac

STIX ID: report--eb2788b9-6ee1-59b6-a460-bed515f19eac

Feed Name: Cyber Press

Threat Score
75/100

Date Published: 2026-06-27

Date Updated: 2026-06-27

Author: Lucas Martin

...
...

A high-severity vulnerability in Amazon Q developer IDE integrations (tracked as CVE-2026-12957 and CVE-2026-12958) allowed attackers to place a malicious .amazonq/mcp.json in a workspace to auto-execute commands, inherit environment variables (including AWS credentials), and exfiltrate cloud credentials; fixes were released in Language Servers for AWS 1.69.0 and corresponding IDE plugins, and users are advised to update, audit workspaces for unexpected .amazonq folders, and treat unfamiliar repositories as untrusted.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.