In a nutshell: Amazon Q Developer enabled arbitrary code execution via crafted MCP configurations in malicious repositories, which could lead to credential theft (CVE-2026-12957, CVSS 8.5).
A vulnerability in Amazon Q Developer (CVE-2026-12957, CVSS 8.5) enabled arbitrary command execution through malicious repository configurations and cloud credential theft. Amazon has since patched the flaw.
The vulnerability affected how Amazon’s AI-powered code assistant handled Model Context Protocol (MCP) servers. An attacker could craft a malicious repository and trick developers who open the repo and consent to workspace configuration into allowing Amazon Q to automatically execute arbitrary commands.
The attack path was short and direct: a developer opens the repository, trusts the workspace configuration, and the AI assistant executes commands embedded in MCP configurations. This would have enabled attackers to exfiltrate the affected developer’s cloud credentials and gain access to hosted systems and data.
The vulnerability is rated as highly critical (CVSS 8.5). For CISOs, this means that supply-chain risks around AI-powered development tools represent tangible attack vectors — particularly when developers automatically access or trust repository configurations.
Source: thehackernews.com · Published 26 June 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 of the EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.