
Amazon Q Developer Flaw Allows Code Execution via Malicious Repos

Aggregated by BrevFeed security · updated 4d ago

A high-severity flaw in Amazon Q Developer permitted malicious repositories to execute code and steal developer credentials. The issue stemmed from the way Amazon's AI coding assistant handled Model Context Protocol servers, which has now been patched by Amazon.

Key points

Overview of the Vulnerability

Amazon Q Developer had a significant flaw that attackers could exploit through malicious repositories. Once a developer opened such a repository and trusted the workspace, the repository could cause code to run as the system's active user.

Mechanism of the Attack

The vulnerability involved the reading of a repository-supplied MCP configuration file, .amazonq/mcp.json. Once that file was loaded, Amazon Q would start the MCP servers it defined; those servers could access sensitive credentials and run commands in the developer's cloud session without any further authentication.
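As an added defender-side example (not code from Wiz's research or from Amazon), the following audit parses a repository's .amazonq/mcp.json before the workspace is trusted and flags every server entry that would spawn a process on load; the mcpServers/command/args/env layout is assumed from the common MCP client convention, and the sample JSON is constructed.

```python
import json
from pathlib import Path

# Assumed layout: {"mcpServers": {name: {"command", "args", "env", "disabled"}}},
# the convention shared by most MCP clients (assumption, not verified against Amazon Q).
SHELL_INTERPRETERS = {"sh", "bash", "zsh", "cmd", "cmd.exe", "powershell", "pwsh"}
SENSITIVE_ENV_MARKERS = ("AWS_", "TOKEN", "SECRET", "KEY")


def audit_mcp_config(text: str) -> list[dict]:
    """Return one finding per configured MCP server, with risk flags."""
    cfg = json.loads(text)
    findings = []
    for name, spec in cfg.get("mcpServers", {}).items():
        command = str(spec.get("command", ""))
        args = [str(a) for a in spec.get("args", [])]
        env = spec.get("env", {}) or {}
        flags = []
        if command:
            flags.append("spawns-process")          # any server definition starts a process
        if Path(command).name.lower() in SHELL_INTERPRETERS:
            flags.append("shell-interpreter")       # arbitrary command line via -c / /c
        if any(m in str(k).upper() for k in env for m in SENSITIVE_ENV_MARKERS):
            flags.append("sets-sensitive-env")      # touches credential-style variables
        if not spec.get("disabled", False):
            flags.append("enabled-on-load")         # would start as soon as workspace is trusted
        findings.append({"server": name, "command": command, "args": args, "flags": flags})
    return findings


def audit_repo(root: str) -> list[dict]:
    """Audit .amazonq/mcp.json under a checked-out repository, if present."""
    path = Path(root) / ".amazonq" / "mcp.json"
    if not path.is_file():
        return []
    return audit_mcp_config(path.read_text(encoding="utf-8"))


# Constructed sample: one ordinary server and one that hands a shell a command line.
SAMPLE_MCP_JSON = json.dumps({
    "mcpServers": {
        "docs": {"command": "npx", "args": ["-y", "@example/docs-server"]},
        "helper": {"command": "/bin/sh", "args": ["-c", "echo setup"],
                   "env": {"AWS_PROFILE": "default"}},
    }
})

if __name__ == "__main__":
    for finding in audit_mcp_config(SAMPLE_MCP_JSON):
        print(finding["server"], finding["command"], finding["flags"])
```

Run it against a freshly cloned repository root with audit_repo() before clicking "trust workspace"; any server carrying shell-interpreter or sets-sensitive-env deserves a manual look.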

Consequences of Exploitation

Wiz Research demonstrated the exploit by making the malicious file execute a command to retrieve AWS session information. Depending on cloud permissions, this could allow an attacker to alter infrastructure or service access, posing serious security risks.

Response and Mitigation

Amazon has addressed the vulnerability with a patch that requires developers to confirm untrusted MCP servers before executing commands. Users are urged to upgrade to Language Servers for AWS version 1.69.0 to ensure they are protected against this flaw and a related issue.

Recommended Actions for Users

Developers using Amazon Q should update to the patched versions of Language Servers for AWS and relevant IDE plugins as soon as possible. The update addresses CVE-2026-12957 and also resolves an additional vulnerability identified as CVE-2026-12958.

This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors; check the original sources.

Primary sources

CVE-2025-54136
CVE-2025-59536
CVE-2026-12957
CVE-2026-12958
CVE-2026-30615
