🚨 AWS Language Server Flaw!

CVE-2026-12957 allows zero-click command injection and cloud credential theft simply by opening a poisoned repository inside your IDE (affecting Amazon Q Developer).

https://denizhalil.com/2026/06/27/cve-2026-12957-aws-language-server-command-injection/

#CVE202612957 #aws #Cybersecurity #infosec #CloudSecurity

Exploiting Language Servers for AWS: Deep Dive into Command Injection (CVE-2026-12957) - DenizHalil - Professional Cybersecurity Consulting and Penetration Testing

Deep dive into CVE-2026-12957, a critical zero-click command injection flaw in Language Servers for AWS affecting Amazon Q Developer


Amazon AI Coding Tool Exposes Cloud Credentials to Malicious Git Repos

A security vulnerability in Amazon's AI coding assistant, tracked as CVE-2026-12957, allowed malicious Git repositories to access sensitive cloud credentials, raising concerns about informed consent and user security. The flaw enabled automatic execution of commands with no user prompt required.

https://osintsights.com/amazon-ai-coding-tool-exposes-cloud-credentials-to-malicious-git-repos?utm_source=mastodon&utm_medium=social

#AiCoding #Amazon #Cve202612957 #CloudSecurity #SupplyChain


OSINTSights

Amazon Q Developer Flaw Lets Malicious Repos Run Code via MCP Configs

A high-severity flaw in Amazon Q Developer, tracked as CVE-2026-12957, allowed malicious repositories to run commands and steal cloud credentials simply by being opened in an IDE. This vulnerability put developers at risk of having their sensitive AWS keys, cloud CLI tokens, and API secrets compromised.

https://osintsights.com/amazon-q-developer-flaw-lets-malicious-repos-run-code-via-mcp-configs?utm_source=mastodon&utm_medium=social

#AmazonQDeveloper #Cve202612957 #CloudCredentials #CodeExecution #McpConfigs
