Cyber Web Spider Blog – News
Amazon Q Flaw Exposes Code Execution and Cloud Risks

Posted on June 26, 2026 By CWS

Amazon’s AI-enhanced coding tool, the Amazon Q Developer Extension for Visual Studio Code, has been found to contain critical vulnerabilities. The flaws, identified by Wiz Research, have been assigned CVE-2026-12957 and CVE-2026-12958, and they carry significant risk of arbitrary code execution and unauthorized access to cloud credentials when a developer opens a compromised repository.

Understanding the Vulnerability

The main issue arises from how Amazon Q automatically loads Model Context Protocol (MCP) server configurations from workspace files without asking for user approval or checking workspace trust. Because the MCP server processes it spawns also inherit the developer’s full environment, this automatic loading creates a straightforward attack scenario.

Upon opening a compromised repository, the extension can execute commands specified in a malicious configuration. This gives an attacker access to sensitive information such as AWS credentials, cloud authentication tokens, and other secrets present in the environment, all without the developer’s awareness.

Implications of the Security Breach

A proof-of-concept demonstrated that a harmful .amazonq/mcp.json file could easily exfiltrate active AWS session credentials to an attacker’s server. The CVEs highlight two main issues: improper trust boundary enforcement and a lack of symlink validation, which allows unauthorized path traversal.

The affected versions include Amazon Q Developer for VS Code below version 2.20 and other related products. This vulnerability represents a larger issue across AI coding tools, with similar risks identified in other platforms such as Claude Code and Windsurf.

Preventive Measures and Recommendations

Amazon has responded by patching these vulnerabilities in the latest version of their Language Servers for AWS. Users should ensure all Amazon Q Developer plugins are up to date and treat unknown repositories as untrusted. It is important to inspect .amazonq/ directories for unexpected configurations before opening a repository and to review consent prompts carefully.
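The two points above, that a workspace-level .amazonq/mcp.json is auto-loaded and that its entries are spawned with the developer's environment, together with the recommendation to inspect .amazonq/ before opening a checkout, can be turned into a small pre-open audit. The script below is an added example written for this article, not code from Amazon, Wiz, or the extension. It assumes the common MCP client JSON layout (`mcpServers` keyed by name, each with `command`, `args`, and `env`), which the article does not spell out, and the constructed `helper` server entry exists only for the demo and is never executed. It reports every entry that would launch a local process, every environment override, and any symlink that would make the config resolve outside the workspace, which is the missing-symlink-validation condition the CVEs describe.

```python
import json
import tempfile
from pathlib import Path

# Workspace-scoped MCP config file named in the article. The JSON layout
# ({"mcpServers": {name: {"command": ..., "args": [...], "env": {...}}}})
# is the common MCP client convention and is an assumption of this example.
WORKSPACE_MCP_CONFIG = Path(".amazonq") / "mcp.json"


def audit_workspace(root):
    """Report what an editor would auto-load from a checkout at `root`.

    Returns a list of dicts, each with a 'kind' and a 'detail'. Nothing in the
    config is executed; the function only reads files and reports.
    """
    root = Path(root)
    cfg = root / WORKSPACE_MCP_CONFIG
    findings = []

    # 1. Symlink validation: the config directory or file pointing outside the
    #    workspace is the path-traversal condition the article describes.
    for p in (cfg.parent, cfg):
        if not p.is_symlink():
            continue
        try:
            p.resolve(strict=True).relative_to(root.resolve())
            kind = "symlink"  # links somewhere inside the workspace
        except (ValueError, OSError):
            kind = "symlink-escape"  # outside the workspace, or dangling
        findings.append({"kind": kind, "detail": str(p.relative_to(root))})

    if not cfg.is_file():
        return findings  # nothing for the extension to auto-load

    # 2. Enumerate servers. Any entry with "command" would be spawned as a
    #    local process inheriting the developer's environment (AWS_* included),
    #    so every such entry deserves a human look before the repo is opened.
    try:
        data = json.loads(cfg.read_text(encoding="utf-8"))
    except (OSError, ValueError) as exc:  # JSONDecodeError is a ValueError
        findings.append({"kind": "unreadable", "detail": str(exc)})
        return findings

    servers = data.get("mcpServers") if isinstance(data, dict) else None
    for name, spec in (servers or {}).items():
        if not isinstance(spec, dict):
            continue
        if "command" in spec:
            cmdline = " ".join([str(spec["command"]), *map(str, spec.get("args") or [])])
            findings.append({"kind": "stdio-server", "detail": f"{name}: {cmdline}"})
        env = spec.get("env") or {}
        if env:
            findings.append({"kind": "env-override", "detail": f"{name}: {', '.join(sorted(env))}"})
    return findings


def build_sample_workspace(with_config=True, symlinked=False):
    """Create a throwaway checkout containing a constructed .amazonq/mcp.json.

    The server entry is invented for the demo and is never run. With
    symlinked=True the config file is a symlink to a file outside the
    workspace, reproducing the missing-symlink-validation case.
    """
    root = Path(tempfile.mkdtemp(prefix="mcp-audit-"))
    if not with_config:
        return root
    config = {
        "mcpServers": {
            "helper": {  # constructed example server, not a real package
                "command": "npx",
                "args": ["-y", "example-mcp-server"],
                "env": {"AWS_PROFILE": "default"},
            }
        }
    }
    cfg_dir = root / ".amazonq"
    cfg_dir.mkdir()
    cfg = cfg_dir / "mcp.json"
    if symlinked:
        outside = Path(tempfile.mkdtemp(prefix="outside-")) / "mcp.json"
        outside.write_text(json.dumps(config), encoding="utf-8")
        cfg.symlink_to(outside)
    else:
        cfg.write_text(json.dumps(config), encoding="utf-8")
    return root


if __name__ == "__main__":
    for ws in (build_sample_workspace(), build_sample_workspace(symlinked=True)):
        print(f"{ws}:")
        for f in audit_workspace(ws):
            print(f"  [{f['kind']}] {f['detail']}")
```

Run it against a freshly cloned repository root instead of the constructed fixture to see what the extension would pick up. An empty result means there is no workspace MCP config to auto-load; any `stdio-server` or `symlink-escape` finding is a reason to read the file by hand, or to open the repository in an untrusted workspace, before the editor does anything with it.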

This vulnerability underscores a broader industry concern over the auto-execution of configurations without user consent. It calls for heightened vigilance and coordinated efforts across the software community to mitigate these risks.

Wiz Research’s Maor Dokhanian discovered the vulnerability, which was responsibly disclosed to Amazon in April 2026. Following initial fixes in May, Amazon issued full public disclosure in June 2026.

Cyber Security News. Tags: AI coding tools, Amazon Q, AWS credentials, cloud security, code execution, CVE-2026-12957, CVE-2026-12958, Cybersecurity, Vulnerability, Wiz Research

Copyright © 2026 Cyber Web Spider Blog – News.