Researchers from Wiz have identified a critical security vulnerability within the Amazon Q Developer extension for Visual Studio Code. This flaw potentially allows attackers to access developers’ cloud credentials by enticing them to open a compromised code repository.
Understanding the Amazon Q Flaw
The Amazon Q Developer extension is an AI-powered tool that gives developers features such as code suggestions and automated refactoring, and it integrates with local processes to reach external tools and services. The vulnerability that was discovered caused the extension to execute configuration files embedded in a workspace without the user's consent.
This vulnerability enabled malicious repositories to execute attacker-controlled commands covertly, thereby accessing cloud credentials and API keys present in the developer’s environment. Such exploits could involve deceptive coding tests, typosquatted packages, or malicious pull requests, as highlighted by Wiz.
Patch and Response from AWS
AWS was informed of the vulnerability on April 20, with a patch released by May 12. AWS has since issued a security advisory, addressing the issue tracked as CVE-2026-12957, along with a related symbolic link handling issue (CVE-2026-12958). The fixes apply to all relevant Amazon Q Developer plugins, including those for VS Code, JetBrains, Eclipse, and Visual Studio.
An AWS spokesperson expressed gratitude towards Wiz for their collaboration in resolving the issue, noting that the AWS Language Server updates automatically under most configurations. Reloading the IDE will prompt an update to the latest version, which includes this fix. For those with auto-updates blocked, an upgrade to the latest Amazon Q Developer plugin is recommended.
Industry-wide Implications and Future Outlook
The identified vulnerability is not exclusive to Amazon Q. Similar issues have been discovered in other AI coding tools like VS Code, Claude, and Cursor. The Google-owned cloud security firm shared technical details and proof-of-concept code, underscoring the broader implications for AI-powered development environments.
As the industry continues to address these vulnerabilities, developers are urged to stay vigilant and ensure their tools are regularly updated. This incident highlights the importance of robust security measures in safeguarding cloud credentials and infrastructure.
Related discussions have emerged around similar vulnerabilities in platforms like GitLab and Curl, emphasizing the ongoing need for comprehensive security audits and timely patch implementations in developer tools.
