MCP Auto-Execution: From Git Clone to Cloud Compromise in Amazon Q VS Code Extension
Summary
Amazon Q, an AI coding assistant for VS Code, had a high-severity vulnerability (CVE-2026-12957) that let attackers execute arbitrary code and steal cloud credentials just by having a developer open a malicious repository. The problem was that Amazon Q automatically loaded and ran MCP server configurations (local processes that extend an AI assistant's capabilities) from workspace files without asking the user for permission or checking if the folder was trusted. Since these processes inherited the developer's full environment, attackers could access sensitive credentials like AWS keys and API tokens.
Solution / Mitigation
Amazon has remediated this issue in language server version 1.65.0.
Classification
Affected Vendors
Related Issues
Original source: https://www.wiz.io/blog/amazon-q-vulnerability
First tracked: June 26, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 95%