Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs

Amazon patched a critical vulnerability in its Amazon Q Developer AI coding assistant that could allow malicious repositories to execute commands and steal developer cloud credentials. The flaw, tracked as CVE-2026-12957 with a CVSS score of 8.5, resided in the assistant's handling of Model Context Protocol (MCP) servers. A successful exploit required a developer to open a malicious repository and trust the associated workspace, after which Amazon Q would automatically process the compromised MCP configurations. Security researchers at Wiz identified the vulnerability and reported that the exploit path was straightforward, enabling attackers to potentially gain unauthorized access to sensitive information. Amazon has since released a fix for the issue, mitigating the risk to users of the Q Developer tool.