A critical flaw in Amazon's AI coding assistant, Amazon Q Developer, allowed attackers to steal cloud credentials. The vulnerability, CVE-2026-12957, has a CVSS score of 8.5 out of 10.

The security firm Wiz Research discovered the bug. It found the Amazon Q extension for Visual Studio Code would automatically execute configuration files from a code repository without user permission.

The attack is simple. An attacker places a malicious configuration file in a repository. When a developer opens that repo with the vulnerable extension installed, hidden commands run in the background. These commands inherit the developer's environment variables, including AWS access keys and session tokens, allowing for silent data theft.

Amazon released an initial patch in May 2026. It recommends users upgrade to a later version for full protection. No public exploitation has been recorded.

This issue reflects a broader pattern in AI coding tools that use the Model Context Protocol. Developers should immediately update their extensions and consider rotating AWS credentials as a precaution.