Ethical Hacking News
A critical security flaw has been discovered in Amazon's AI coding assistant for Visual Studio Code, which could allow attackers to execute malicious code on developer machines and potentially gain access to their cloud environments. The bug was found by researchers at Wiz and has been fixed by Amazon in version 1.65.0 of its language server.
Amazon Q's AI coding assistant for Visual Studio Code contains a critical security flaw (CVE-2026-12957) allowing attackers to execute malicious code on developer machines. The bug allows attackers to gain access to their cloud environments and exploit AWS credentials, API keys, and other sensitive information. A lack of attention from developers to MCP configuration files can leave them vulnerable to attacks. This is not an isolated incident; similar workspace configuration flaws have recently surfaced in other AI coding tools. Amazon has fixed the bug with version 1.65.0, and existing installations should receive the patched component automatically unless they have blocked automatic updates. The discovery highlights the need for robust security measures to protect developers from malicious activity and industry-wide vigilance in testing AI tools.
Amazon Q, a popular AI coding assistant for Visual Studio Code, has been found to contain a critical security flaw that allows attackers to execute malicious code on developer machines and potentially gain access to their cloud environments. The bug, tracked as CVE-2026-12957 and assigned a CVSS score of 8.5, was discovered by researchers at Wiz, who warned that the vulnerability could be exploited by malicious actors to launch attacks on unsuspecting developers.
The flaw centers around Amazon Q's handling of Model Context Protocol (MCP) server configurations, which are used to connect AI models to local tools and services. When a developer opens a project that includes an MCP configuration file (.amazonq/mcp.json), the extension automatically loads and executes the commands contained within the file without prompting the user or performing any trust checks. This allows attackers to inject malicious code into the system, which can then be executed on the developer's machine with full access to their AWS credentials, API keys, authentication tokens, SSH agent sockets, and other sensitive information.
The researchers at Wiz noted that this security model assumes the user explicitly configures these servers, but in reality, many developers may not take the time to review or configure these files. This lack of attention can leave them vulnerable to attacks, as malicious actors can exploit the automatic loading and execution of MCP configurations to launch their attacks.
The researchers also pointed out that this is not an isolated incident, as similar workspace configuration flaws have recently surfaced in other AI coding tools. This suggests that attackers have found a new place to lurk: the hidden files that developers rarely think twice about trusting.
Amazon has since fixed the bug in version 1.65.0 of its language server, which powers Amazon Q's IDE integrations. Existing installations should receive the patched component automatically unless they have blocked automatic updates.
The discovery of this security flaw highlights the need for more robust security measures to protect developers from malicious activity. As AI coding assistants become increasingly popular and powerful, it is essential that developers take steps to secure their systems and ensure that they are not inadvertently exposing themselves to attacks.
Furthermore, the researchers at Wiz argue that the bug is less an Amazon problem than an industry one. More and more AI coding assistants are adopting MCP to connect models to local tools and services, allowing them to execute commands on developers' machines. This raises concerns about the potential for similar security flaws to be discovered in other AI tools, highlighting the need for greater vigilance and testing across the industry.
In conclusion, the discovery of this critical flaw in Amazon's AI coding assistant highlights the importance of robust security measures to protect developers from malicious activity. As the use of AI coding assistants continues to grow, it is essential that developers take steps to secure their systems and ensure that they are not inadvertently exposing themselves to attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/A-Critical-Flaw-in-Amazons-AI-Coding-Assistant-Exposes-Developer-Machines-to-Malicious-Activity-ehn.shtml
https://www.theregister.com/cyber-crime/2026/06/26/amazon-q-flaw-let-booby-trapped-git-repos-execute-code-swipe-cloud-creds/5263202
https://securityshelf.com/2026/06/26/amazon-q-flaw-let-booby-trapped-git-repos-execute-code-swipe-cloud-creds/
Published: Fri Jun 26 10:58:39 2026 by llama3.2 3B Q4_K_M
