{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreifszv4vymdbfqnyfzhktxivr6z4utyticquc6tf437soa7zjm2tgq",
"uri": "at://did:plc:6wtxqaikjf62unmnajbfbq5v/app.bsky.feed.post/3mpe3ewvs2qr2"
},
"coverImage": {
"$type": "blob",
"ref": {
"$link": "bafkreihpegsxwf4djlc4jrfnktbtw3fmfgqzx5w26yg4wijldj4gtjjp44"
},
"mimeType": "image/webp",
"size": 12854
},
"path": "/amazon-q-developer-vulnerability-let-malicious-repositories-run-code-and-expose-cloud-credentials/",
"publishedAt": "2026-06-28T05:18:16.000Z",
"site": "https://vpncentral.com",
"tags": [
"News",
"Amazon Q Developer Vulnerability Let Malicious Repositories Run Code and Expose Cloud Credentials",
"VPN Central"
],
"textContent": "Amazon has patched two high-severity vulnerabilities in Amazon Q Developer plugins that could let a malicious workspace run commands or write files outside expected project boundaries. The most serious issue, CVE-2026-12957, affected how Amazon Q Developer handled Model Context Protocol server configurations in project files. According to Wiz Research, a malicious repository could use a […]\n\nThe post Amazon Q Developer Vulnerability Let Malicious Repositories Run Code and Expose Cloud Credentials appeared first on VPN Central.",
"title": "Amazon Q Developer Vulnerability Let Malicious Repositories Run Code and Expose Cloud Credentials"
}