Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs
Amazon patched CVE-2026-12957, a high-severity Amazon Q Developer flaw that let malicious MCP config run commands and steal AWS credentials.
More info