Amazon Q Developer Vulnerability Let Malicious Repositories Run Code and Expose Cloud Credentials
VPN Central [Unofficial]
June 28, 2026
Amazon has patched two high-severity vulnerabilities in Amazon Q Developer plugins that could let a malicious workspace run commands or write files outside expected project boundaries. The most serious issue, CVE-2026-12957, affected how Amazon Q Developer handled Model Context Protocol server configurations in project files. According to Wiz Research, a malicious repository could use a […]
The post Amazon Q Developer Vulnerability Let Malicious Repositories Run Code and Expose Cloud Credentials appeared first on VPN Central.
Discussion in the ATmosphere