{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreifszv4vymdbfqnyfzhktxivr6z4utyticquc6tf437soa7zjm2tgq",
    "uri": "at://did:plc:6wtxqaikjf62unmnajbfbq5v/app.bsky.feed.post/3mpe3ewvs2qr2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreihpegsxwf4djlc4jrfnktbtw3fmfgqzx5w26yg4wijldj4gtjjp44"
    },
    "mimeType": "image/webp",
    "size": 12854
  },
  "path": "/amazon-q-developer-vulnerability-let-malicious-repositories-run-code-and-expose-cloud-credentials/",
  "publishedAt": "2026-06-28T05:18:16.000Z",
  "site": "https://vpncentral.com",
  "tags": [
    "News",
    "Amazon Q Developer Vulnerability Let Malicious Repositories Run Code and Expose Cloud Credentials",
    "VPN Central"
  ],
  "textContent": "Amazon has patched two high-severity vulnerabilities in Amazon Q Developer plugins that could let a malicious workspace run commands or write files outside expected project boundaries. The most serious issue, CVE-2026-12957, affected how Amazon Q Developer handled Model Context Protocol server configurations in project files. According to Wiz Research, a malicious repository could use a […]\n\nThe post Amazon Q Developer Vulnerability Let Malicious Repositories Run Code and Expose Cloud Credentials appeared first on VPN Central.",
  "title": "Amazon Q Developer Vulnerability Let Malicious Repositories Run Code and Expose Cloud Credentials"
}