Amazon Q Developer Vulnerability Allows Code Execution via Malicious Repositories
ID: 49215a3f-85e1-5d0d-b143-e6b81e109870
STIX ID: report--49215a3f-85e1-5d0d-b143-e6b81e109870
Feed Name: GBHackers
A critical flaw in Amazon Q Developer extensions and the AWS language server allowed automatic loading and execution of local Model Context Protocol (MCP) configurations from hidden .amazonq/mcp.json files without workspace trust checks, enabling arbitrary code execution and exfiltration of AWS credentials (CVE-2026-12957, CVE-2026-12958). Researchers at Wiz demonstrated a PoC that exfiltrates session credentials with a single Bash command; exploitation requires minimal user interaction (clone/open a repository) and can be distributed via typosquatted packages, malicious PRs, or poisoned dependencies. Amazon issued updates in May–June 2026 and published vulnerable version ranges developers should patch, while vendors and developers are advised to audit workspace folders and enforce configuration trust boundaries.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
