AWS Amazon Q Developer patch for CVE-2026-12957 and CVE-2026-12958
Security Patch Release
Summary
AWS released fixes for Amazon Q Developer after a high-severity flaw in the VS Code extension could expose developers’ cloud credentials. The patch set covers CVE-2026-12957 and a related CVE-2026-12958 symbolic-link issue. Fixes are available across affected Amazon Q Developer plugins and the language server.
Related Happenings
Dify security patch release for CVE-2026-41947
Security Patch Release
H score: 34
First: 22.06.2026 19:13
Last: 22.06.2026 19:13
Sources: 1
About this happening:
**Dify** shipped **version 1.14.2** to fix most of the **DifyTap** vulnerabilities, closing cross-tenant paths that could expose **AI chats**, **uploaded files**, and internal API...
Squid web proxy patch for CVE-2026-47729
Security Patch Release
H score: 20
First: 22.06.2026 17:29
Last: 22.06.2026 17:29
Sources: 1
About this happening:
**Squid maintainers** merged a **null-terminator check** for **CVE-2026-47729** into the **development branch** and **v7**, closing the FTP-parser over-read that could expose shar...
Ivanti security patch release for CVE-2026-8043
Security Patch Release
H score: 25
First: 18.05.2026 13:54
Last: 18.05.2026 13:54
Sources: 1
About this happening:
**Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
Google security patch release for CVE-2026-5858
Security Patch Release
H score: 16
First: 10.04.2026 13:44
Last: 10.04.2026 13:44
Sources: 1
About this happening:
**Google** released the first stable **Chrome 147** build, closing **60 vulnerabilities** and raising the browser’s baseline security ahead of broader deployment. The patch bundle...
Trend Micro security patch release for CVE-2025-69258
Security Patch Release
H score: 39
First: 09.01.2026 12:01
Last: 09.01.2026 12:01
Sources: 1
About this happening:
**Trend Micro** released **security updates** for **Apex Central for Windows** to fix **CVE-2025-69258**, a **9.8 CVSS** remote-code-execution flaw that could let an unauthenticat...
Timeline
- 26.06.2026 18:23 · 1 article · 1h ago
  AWS receives notice of Amazon Q Developer flaw
  Initial Disclosure: AWS was notified about a high-severity vulnerability in the Amazon Q Developer extension for Visual Studio Code that could let a malicious repository auto-run commands and expose developers’ cloud credentials and API keys.
  Sources:
  - Amazon Q Flaw Enabled Cloud Credential Theft via Malicious Repositories — www.securityweek.com — 26.06.2026 18:23
- 26.06.2026 18:23 · 2 articles · 1h ago
  AWS patches Amazon Q Developer CVE-2026-12957 and CVE-2026-12958
  Mitigation Patch Update: AWS releases fixes for CVE-2026-12957 and the related symbolic-link issue CVE-2026-12958 across affected Amazon Q Developer plugins and the language server, including language server version 1.65.0.
  Sources:
  - Amazon Q Flaw Enabled Cloud Credential Theft via Malicious Repositories — www.securityweek.com — 26.06.2026 18:23
- 26.06.2026 03:00 · 1 article · 16h ago
  Wiz publishes technical details and PoC code for Amazon Q Developer flaw
  Technical Analysis Update: Wiz publishes technical details and PoC code showing how a malicious repository could trigger auto-execution in Amazon Q Developer and expose developers’ cloud credentials and API keys.
  Sources:
  - Amazon Q Flaw Enabled Cloud Credential Theft via Malicious Repositories — www.securityweek.com — 26.06.2026 18:23