Vibe Coding
CVE-2026-12957: Amazon Q Developer Turned a `git clone` Into Cloud RCE via Repo MCP Configs
Wiz Research disclosed CVE-2026-12957 (CVSS 8.5): Amazon Q Developer auto-launched MCP servers defined in a repo's `.amazonq/mcp.json`, so a single config file in a cloned repo could execute code with the developer's live AWS keys, cloud CLI tokens, and SSH agent attached. Reported April 20, fixed May 12 (Language Servers for AWS 1.65.0; AWS advises 1.69.0), with the public write-up landing June 26. No known exploitation, but it's a textbook 'repo config = code execution' agent supply-chain failure.
Source
↳ Follow the thread