Amazon Q VS Extension Flaw Leads to Cloud Credential Theft
ID: 313e2e01-ac26-5d24-86b9-40053d88fbe1
STIX ID: report--313e2e01-ac26-5d24-86b9-40053d88fbe1
Feed Name: Dark Reading
Wiz researchers disclosed CVE-2026-12957 in the Amazon Q Developer extension for Visual Studio Code, where MCP server configurations were automatically loaded and executed without user consent, allowing attackers to run code with the developer's environment and exfiltrate AWS credentials; AWS issued a fix in Language Server 1.65.0. The report warns this is part of a wider class of MCP-related risks in AI coding assistants and recommends auditing MCP configurations and treating AI tools with environment access as potential credential-exfiltration vectors.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
