AWS has patched a high-severity bug in the Amazon Q Developer extension for Visual Studio Code that could let attackers steal cloud credentials just by getting a developer to open a malicious repository. Tracked as CVE-2026-12957 and discovered by Wiz Research, the flaw allowed Amazon Q to automatically load and execute MCP server configurations without user approval — silently, before any code review happened.
Because spawned processes inherited the developer's full environment, attackers could grab AWS credentials, API keys, and SSH secrets. The fix landed in Language Server version 1.65.0. Similar MCP-related vulnerabilities have also been found in Claude Code, Cursor, and Windsurf.
Source: Dark Reading