Critical Vulnerability in Amazon Q Developer Enabled Code Execution via MCP Configurations26. June 2026Claude AI, CybersecurityAmazon Q Developer enabled arbitrary code execution via crafted MCP configurations in malicious repositories, which could lead to credential theft (CVE-2026-12957, CVSS 8.5). Share on: