
Amazon Q Developer MCP trust flaw (CVE-2026-12957)

Vulnerability · H score 32 · 2 unique sources, 2 articles

Summary


Amazon Q Developer had a high-severity trust-boundary flaw in MCP server handling that could let a malicious repository trigger commands on a developer machine and steal cloud credentials from an active session. AWS says it patched CVE-2026-12957 and a related CVE-2026-12958, with fixes across affected Amazon Q Developer plugins and Language Servers for AWS 1.65.0; AWS also advises customers to move to 1.69.0 and newer plugin builds. Wiz Research disclosed the issue and published technical details and PoC code.

Related Happenings

BeyondTrust Remote Support and Privileged Remote Access CVE-2026-1731 active exploitation wave

Exploitation Wave
H score 76 · First: 12.02.2026 23:34 · Last: 12.02.2026 23:34 · Sources: 1

About this happening: **CVE-2026-1731** in **BeyondTrust Remote Support** and **Privileged Remote Access** is now seeing **first in-the-wild exploitation**, putting exposed appliances at risk of remote...

TeamPCP cloud-native exploitation campaign

Campaign
H score 33 · First: 09.02.2026 10:37 · Last: 09.02.2026 10:37 · Sources: 1

About this happening: **TeamPCP** is a **cloud-native supply-chain campaign** that abuses exposed **Docker APIs**, **Kubernetes clusters**, **Ray dashboards**, **Redis servers**, and **React2Shell (CVE...

Latest development: 23.03.2026 10:31

Researchers uncovered malicious Trivy Docker Hub image tags 0.69.4, 0.69.5, and 0.69.6 tied to TeamPCP; 0.69.5 and 0.69.6 were pushed on March 22 without corresponding GitHub releases or tags. The same reporting says TeamPCP used a compromised service account token to deface all 44 internal repositories in Aqua Security's aquasec-com GitHub organization by renaming them with the tpcp-docs- prefix and exposing them publicly.

Exposed security-training web apps exploitation wave

Exploitation Wave
H score 41 · First: 21.01.2026 16:00 · Last: 21.01.2026 16:00 · Sources: 1

About this happening: **DVWA**, **OWASP Juice Shop**, **Hackazon**, and **bWAPP** instances exposed in cloud environments are being **actively exploited**, putting **Fortune 500 companies** and securit...

AWS CodeBuild ACTOR_ID regex bypass security flaw

Vulnerability
H score 33 · First: 15.01.2026 21:31 · Last: 15.01.2026 21:31 · Sources: 1

About this happening: **AWS CodeBuild**'s **ACTOR_ID regex filters** were misconfigured, allowing a build-trigger bypass that could expose privileged GitHub tokens and enable repository takeover. The f...

AWS CodeBuild unanchored pull-request filter misconfiguration security flaw

Vulnerability
H score 34 · First: 15.01.2026 17:00 · Last: 15.01.2026 17:00 · Sources: 1

About this happening: **AWS CodeBuild** had an **unanchored pull-request filter** flaw that let untrusted PRs run **privileged builds**, creating takeover risk for **core AWS GitHub repositories** and...

Timeline

  1. 26.06.2026 16:53 · 3 articles

    Amazon Q Developer flaw and patch guidance are publicly detailed

    Technical Analysis Update

    On June 26, 2026, the public write-up details CVE-2026-12957 as a CVSS 8.5 flaw in Amazon Q Developer's MCP server handling and notes that no known public exploitation is listed. It says the issue is fixed in Language Servers for AWS 1.65.0, while AWS advises customers to move to 1.69.0; the same build also closes CVE-2026-12958. The affected plugins listed are VS Code 2.20 or later, JetBrains 4.3 or later, Eclipse 2.7.4 or later, and Visual Studio toolkit 1.94.0.0 or later.

  2. 12.05.2026 03:00 · 1 article

    Amazon patches CVE-2026-12957 in Language Servers for AWS

    Mitigation Patch Update

    Amazon patched CVE-2026-12957 on May 12, 2026 and changed Amazon Q so it flags an untrusted MCP server and lets the developer reject the command before it runs; the fix also sits alongside guidance to update Language Servers for AWS and bundled IDE plugins.

  3. 20.04.2026 03:00 · 1 article

    Wiz Research discloses Amazon Q Developer MCP flaw to Amazon

    Initial Disclosure

    Wiz Research identified a flaw in Amazon Q Developer that let a malicious repository use .amazonq/mcp.json to launch attacker-defined MCP servers, run commands, and steal a developer's live cloud session, and it disclosed the issue to Amazon on April 20, 2026.

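The disclosure above describes a repository-supplied `.amazonq/mcp.json` launching attacker-defined MCP servers, and the patch entry describes the fix as flagging an untrusted server so the developer can reject it before anything runs. The following is an added example of that same trust gate applied on the defender's side, written for this page rather than taken from AWS or Wiz: it reviews a checked-out repository's MCP config before the IDE is allowed to auto-start anything. It assumes the common MCP config layout (`mcpServers` entries with `command`, `args`, `env`); the allowlist and the sample config are constructed for illustration.

```python
"""Review a repository's .amazonq/mcp.json before any MCP server is trusted.

Added example, not AWS or Wiz code. Assumes the widely used MCP config layout
{"mcpServers": {name: {"command": ..., "args": [...], "env": {...}}}}.
"""
import json
from pathlib import Path

# Constructed sample config: one server that runs a vetted launcher, one that
# spawns a shell (arbitrary command execution from repo-controlled data), and
# one that injects a cloud credential variable into the server's environment.
SAMPLE_MCP_JSON = json.dumps({
    "mcpServers": {
        "docs": {"command": "uvx", "args": ["some-vetted-server@1.0"]},
        "helper": {"command": "bash", "args": ["-c", "id"]},
        "env-leak": {"command": "python3", "args": ["tool.py"],
                     "env": {"AWS_PROFILE": "prod"}},
    }
})

# Hypothetical team allowlist of launcher commands that may auto-start.
ALLOWED_COMMANDS = {"uvx", "npx"}
SHELL_LAUNCHERS = {"sh", "bash", "zsh", "cmd", "cmd.exe", "powershell", "pwsh"}
SENSITIVE_ENV_PREFIXES = ("AWS_",)


def review_mcp_config(text: str, allowed=ALLOWED_COMMANDS) -> dict:
    """Return {server_name: [reasons]}; an empty list means the server passed."""
    cfg = json.loads(text)
    findings = {}
    for name, spec in cfg.get("mcpServers", {}).items():
        reasons = []
        command = str(spec.get("command", ""))
        if Path(command).name.lower() in SHELL_LAUNCHERS:
            reasons.append("spawns a shell; repo-controlled command execution")
        if command not in allowed:
            reasons.append(f"command {command!r} not in allowlist")
        for key in spec.get("env", {}):
            if key.upper().startswith(SENSITIVE_ENV_PREFIXES):
                reasons.append(f"sets cloud credential variable {key}")
        findings[name] = reasons
    return findings


def untrusted_servers(text: str, allowed=ALLOWED_COMMANDS) -> list:
    """Servers that must wait for an explicit developer decision before launch."""
    return sorted(n for n, r in review_mcp_config(text, allowed).items() if r)


if __name__ == "__main__":
    for server, reasons in review_mcp_config(SAMPLE_MCP_JSON).items():
        print(server, "->", reasons or ["ok"])
```

Run against a real checkout by replacing `SAMPLE_MCP_JSON` with the contents of `.amazonq/mcp.json`; anything returned by `untrusted_servers` should stay off until a developer has explicitly accepted it.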