[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fT0F5N_UZs6aADruO7G8Scjl2lXLII4WNvCuBYWvc_lw":3},{"article":4,"iocs":56},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":33,"category":34,"article_tags":38},"4767c704-0010-461c-99e5-16573a9b285b","Amazon Q Flaw Enabled Cloud Credential Theft via Malicious Repositories","amazon-q-flaw-enabled-cloud-credential-theft-via-malicious-repositories-7039d0","AWS has patched the vulnerability and published its own advisory to inform customers about the potential impact. The post Amazon Q Flaw Enabled Cloud Credential Theft via Malicious Repositories appeared first on SecurityWeek.","A high-severity vulnerability in the Amazon Q Developer extension for VS Code allowed attackers to steal cloud credentials by embedding malicious commands in code repositories. Opening such a repository would automatically execute attacker-controlled code, exfiltrating active session credentials without user permission. AWS has since patched the vulnerability, tracked as CVE-2026-12957, and a related issue (CVE-2026-12958).","Amazon Q flaw allowed cloud credential theft via malicious repositories.","Researchers at Wiz have disclosed a high-severity vulnerability in the Amazon Q Developer extension for Visual Studio Code that could allow attackers to steal developers’ cloud credentials by luring them into opening a booby-trapped code repository. Amazon Q Developer is an AI-powered coding assistant that offers developers features such as code suggestions, automated refactoring, and access to external tools and services via integrations with local processes. AWS was notified about the issue on April 20 and a patch was released on May 12. The cloud giant published a security advisory this week. The root cause of the vulnerability was that the extension would automatically act on configuration files embedded in a workspace without first asking the user for permission. That meant a malicious repository could quietly run attacker-controlled commands in the background the moment a developer opened it, gaining access to whatever cloud credentials and API keys were loaded in their environment at the time. Attack path examples include fake coding tests like those used by North Korean hackers, a typosquatted open source package, or a malicious pull request to a popular project, Wiz said.Advertisement. Scroll to continue reading. Developers authenticated to AWS or other cloud services would be particularly exposed, since active session credentials could be captured and exfiltrated without any visible warning. “The combination of auto-execution, shell spawning, and environment inheritance created a high-severity vulnerability in a widely-used developer tool. A single malicious repository could compromise not just the developer’s local machine, but their cloud infrastructure as well,” Wiz noted. AWS has patched the vulnerability, tracked as CVE-2026-12957, and a related issue involving symbolic link handling (CVE-2026-12958). Fixes are available across all affected Amazon Q Developer plugins covering VS Code, JetBrains, Eclipse, and Visual Studio, as well as the language server. “We would like to thank Wiz for collaborating with us on this issue. We have remediated this issue in language server version 1.65.0,” an AWS spokesperson told SecurityWeek. “The AWS Language Server updates automatically unless the customer’s network configuration prevents it, so no action is required in most cases. For existing customers, reloading the IDE will trigger an update to the latest language server version, which includes this fix. If auto-update is blocked, we recommend upgrading to the latest version of the Amazon Q Developer plugin for your IDE. New customers require no action, as the latest patched version will be downloaded automatically,” the AWS spokesperson added. Wiz noted that the underlying issue is not unique to Amazon Q; other researchers have identified similar problems in VS Code and other AI coding tools, including Claude and Cursor. The Google-owned cloud security giant published technical details and PoC code on Friday. Related: GitLab Patches Code Execution, Information Disclosure Vulnerabilities Related: 25-Year-Old Vulnerability Patched in Curl Related: Google Addresses Vertex Security Issues After Researchers Weaponize AI Agents Written By Eduard Kovacs Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights. More from Eduard Kovacs Cal Water Says No OT Systems Breached in Iranian Handala CyberattackLantronix Serial-to-IP Converter Flaw Exploited in Attacks After OT Threat WarningCisco SD-WAN Zero-Day Exploited Months Before PatchingMicrosoft and Allies Smash Shared Infrastructure of Amadey and StealC MalwaremacOS Weaknesses Chained to Silently Disable Endpoint Security AgentsThird DraftKings Hacker Sentenced to 18 Months in PrisonHackers Exploiting Cisco Unified CM VulnerabilityDragos Unveils AI for OT Security Latest News More Klue Breach Victims Identified as Hackers Get HackedIn Other News: Chinese Mythos-Like AI, Tata Electronics Breach, Snyk LayoffsNebulock Raises $25 Million for AI-Native Contextual SecurityLinux Foundation Unveils New Open Source Security Project Akrites$3 Million Reportedly Stolen in Polymarket HackRussian APT Deploys ‘StockStay’ Backdoor Against Ukrainian TargetsFirst-Ever Exploitation of PTC Windchill Vulnerability Discovered in the WildNew Enterprise-Ready MCP Specification Brings New Security Challenges Trending Daily Briefing NewsletterSubscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Why Email Security Keeps Failing (And What Has to Change) July 8, 2026 Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more. Register Virtual Event: 2026 Cloud Security Summit July 16, 2026 This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments. Register People on the MoveMark Carter has been appointed Chief Information Security Officer at Socure.Spektrum Labs has named Mark Cravotta Chief Operating Officer.Philip Martin has joined Uber as Chief Information Security Officer.More People On The MoveExpert Insights When Information Becomes the Attack Surface – Understanding AI Agent Traps From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI. (Etay Maor) What the Latest ShinyHunters Breaches Reveal About Modern Cyberattacks Groups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage. (Torsten George) No Exploits Required Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures. (Tod Beardsley) After AI Reaches Production: 12 Ways Security Teams Can Take Control Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production. (Joshua Goldfarb) Everybody Is Vibe Coding But Nobody Told the Security Team AI-driven development is not something organizations can or should block. But it must be governed. (Danelle Au) Flipboard Reddit Whatsapp Whatsapp Email","https:\u002F\u002Fwww.securityweek.com\u002Famazon-q-flaw-enabled-cloud-credential-theft-via-malicious-repositories\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2026\u002F04\u002Fcoding-vulnerability-software-development.jpeg","2026-06-26T15:23:46+00:00","2026-06-26T16:00:19.683229+00:00",8,[18,21,23,26,28,31],{"name":19,"type":20},"Amazon Q Developer","product",{"name":22,"type":20},"Visual Studio Code",{"name":24,"type":25},"AWS","vendor",{"name":27,"type":25},"Wiz",{"name":29,"type":30},"North Korean hackers","threat_actor",{"name":32,"type":20},"Claude","80544778-fabb-4dcd-aa35-17492e5dcf4f",{"id":33,"icon":35,"name":36,"slug":37},null,"Vulnerabilities","vulnerabilities",[39,44,46,51],{"category":40},{"id":41,"icon":35,"name":42,"slug":43},"26b0b636-0e31-4db1-bffb-61bdf9f20a58","Supply Chain","supply-chain",{"category":45},{"id":33,"icon":35,"name":36,"slug":37},{"category":47},{"id":48,"icon":35,"name":49,"slug":50},"c70f3a41-2f0c-4608-870d-b8cbcd8be076","Cloud Security","cloud-security",{"category":52},{"id":53,"icon":35,"name":54,"slug":55},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[57,61],{"type":58,"value":59,"context":60},"cve","CVE-2026-12957","Amazon Q Developer extension vulnerability allowing credential theft",{"type":58,"value":62,"context":63},"CVE-2026-12958","Related issue involving symbolic link handling"]