logo

Amazon Q Developer Vulnerability Allows Code Execution via Malicious Repositories

ID: 49215a3f-85e1-5d0d-b143-e6b81e109870

STIX ID: report--49215a3f-85e1-5d0d-b143-e6b81e109870

Feed Name: GBHackers

Threat Score
78/100

Date Published: 2026-06-27

Date Updated: 2026-06-27

Author: Eswar

...
...

A critical flaw in Amazon Q Developer extensions and the AWS language server allowed automatic loading and execution of local Model Context Protocol (MCP) configurations from hidden .amazonq/mcp.json files without workspace trust checks, enabling arbitrary code execution and exfiltration of AWS credentials (CVE-2026-12957, CVE-2026-12958). Researchers at Wiz demonstrated a PoC that exfiltrates session credentials with a single Bash command; exploitation requires minimal user interaction (clone/open a repository) and can be distributed via typosquatted packages, malicious PRs, or poisoned dependencies. Amazon issued updates in May–June 2026 and published vulnerable version ranges developers should patch, while vendors and developers are advised to audit workspace folders and enforce configuration trust boundaries.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.