External Publication
Visit Post

Amazon Q Developer Vulnerability Let Malicious Repositories Run Code and Expose Cloud Credentials

VPN Central [Unofficial] June 28, 2026
Source
Amazon has patched two high-severity vulnerabilities in Amazon Q Developer plugins that could let a malicious workspace run commands or write files outside expected project boundaries. The most serious issue, CVE-2026-12957, affected how Amazon Q Developer handled Model Context Protocol server configurations in project files. According to Wiz Research, a malicious repository could use a […] The post Amazon Q Developer Vulnerability Let Malicious Repositories Run Code and Expose Cloud Credentials appeared first on VPN Central.

Discussion in the ATmosphere

Loading comments...