Vulnerability in Amazon Q for VS Code allows credential theft through manipulated repositories and reveals systemic risks in AI-powered developer tools.
Vulnerability in Amazon Q for VS Code allows credential theft through manipulated repositories and reveals systemic risks in AI-assisted developer tools.
Amazon Q Developer enabled arbitrary code execution via crafted MCP configurations in malicious repositories, which could lead to credential theft (CVE-2026-12957, CVSS 8.5).