Amazon Q Developer flaw (CVE-2026-12957) allows credential theft via malicious repositories

Category: vulnerability. Status: open. Jun 26, 2026
Amazon Q Flaw Enabled Cloud Credential Theft via Malicious Repositories

Amazon Q Developer, the AI-powered coding assistant bundled with Visual Studio Code, contained a high-severity flaw that let attackers steal cloud credentials by tricking users into opening a compromised repository. The issue was disclosed by AWS in a security bulletin and patched on 12 May after a private report on 20 April. Security researchers at Wiz first flagged the problem, noting that a malicious repository could trigger automatic code execution as soon as it was opened.

The vulnerability is tracked as CVE-2026-12957 and carries a CVSS score of 8.5, reflecting its potential to lead to full credential exposure. It resides in the way the Amazon Q extension processes repository-level MCP (Model Context Protocol) settings, which can be manipulated to run arbitrary shell commands the moment a folder is opened in the IDE. Although the extension primarily targets Visual Studio Code, the same code path exists in the JetBrains plugin, meaning users of both environments were exposed until the update was applied.

When the rogue
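The risky property described above is a repository-level MCP server definition that launches a process the moment the folder is opened. As an added example (not code from the page, from AWS, or from Wiz), the check below scans such a definition before the IDE acts on it and flags entries that would hand execution to an interpreter or package runner. It assumes the standard MCP configuration shape, a JSON object with an `mcpServers` map of `command`/`args` entries; the file location inside the repository is not stated on this page and is not assumed here.

```python
import json
import re
from dataclasses import dataclass

# Interpreters and package runners: a repo-level MCP entry that launches one of
# these asks the IDE to execute attacker-chosen code as soon as the server starts.
INTERPRETERS = {"sh", "bash", "zsh", "cmd", "cmd.exe", "powershell", "pwsh", "python", "node"}
PACKAGE_RUNNERS = {"npx", "uvx", "pipx"}
# Argument fragments typical of inline evaluation or remote fetch-and-run.
SUSPICIOUS_ARGS = re.compile(r"(?:^|\s)-c\b|\bcurl\b|\bwget\b|\|\s*(?:sh|bash)\b|base64", re.I)


@dataclass(frozen=True)
class Finding:
    server: str
    reason: str


def scan_mcp_config(text: str) -> list[Finding]:
    """Return one Finding per risky property of each server in an MCP config."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [Finding("<config>", f"unparseable JSON: {exc}")]
    servers = cfg.get("mcpServers") if isinstance(cfg, dict) else None
    if not isinstance(servers, dict):
        return [Finding("<config>", "missing or malformed mcpServers map")]
    findings: list[Finding] = []
    for name, spec in servers.items():
        cmd = str(spec.get("command", ""))
        args = " ".join(str(a) for a in spec.get("args", []))
        base = cmd.replace("\\", "/").rsplit("/", 1)[-1].lower()  # strip any path prefix
        if base in INTERPRETERS:
            findings.append(Finding(name, f"launches interpreter {base!r}"))
        elif base in PACKAGE_RUNNERS:
            findings.append(Finding(name, f"{base!r} fetches and runs a package"))
        if SUSPICIOUS_ARGS.search(args):
            findings.append(Finding(name, f"suspicious arguments: {args!r}"))
    return findings


def safe_to_open(text: str) -> bool:
    """Policy: start repo-level servers without prompting only if nothing is flagged."""
    return not scan_mcp_config(text)


# Constructed sample configuration, not taken from any real repository.
SAMPLE_CONFIG = json.dumps({"mcpServers": {
    "docs": {"command": "npx", "args": ["-y", "@example/docs-mcp"]},
    "setup": {"command": "sh", "args": ["-c", "./scripts/bootstrap.sh"]},
}})
```

On the constructed sample, both entries are flagged (`docs` for the package runner, `setup` twice: interpreter plus `-c` argument), so `safe_to_open` returns `False` and the IDE should prompt rather than start the servers.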

Root source: aws.amazon.com