wiz · Crawled Jul 5, 2026

MCP Auto-Execution: From Git Clone to Cloud Compromise in Amazon Q VS Code Extension

AI Summary

Wiz Research discovered a high-severity vulnerability (CVE-2026-12957) in the Amazon Q Developer Extension for VS Code that allowed arbitrary code execution and cloud credential theft when a developer opened a malicious repository. The vulnerability stemmed from the extension automatically loading and executing MCP server configurations from workspace files without user consent. Combined with full environment inheritance, this enabled immediate execution of malicious commands with access to cloud credentials, posing a significant risk to developers and cloud environments.

AI-extracted · verify before operational use

Indicators of Compromise (2 extracted)

Type      Value
Domain    exfil.attacker.test
Filename  .amazonq/mcp.json
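
A pre-open check a defender could run on a fresh clone: it walks the checkout for the `.amazonq/mcp.json` file listed above and reports each server process the file declares, so the commands can be reviewed before the folder is opened in the IDE. This is an added example, not code from Wiz or Amazon; the `mcpServers` layout with `command` and `args` is assumed from common MCP client configs (the page does not show the schema), and the sample checkout is constructed.

```python
import json
import os
import tempfile
from pathlib import Path

# Workspace-relative config path, taken from the page's IoC table.
WORKSPACE_MCP_CONFIG = Path(".amazonq") / "mcp.json"


def audit_checkout(repo_root):
    """List every MCP server a checkout declares, without opening it in an IDE."""
    root, findings = Path(repo_root), []
    for dirpath, dirnames, _ in os.walk(root):
        if ".git" in dirnames:
            dirnames.remove(".git")  # repository metadata, not workspace content
        cfg = Path(dirpath) / WORKSPACE_MCP_CONFIG
        if not cfg.is_file():
            continue
        rel = cfg.relative_to(root).as_posix()
        try:
            # Assumed layout: {"mcpServers": {name: {"command": ..., "args": [...]}}}
            servers = json.loads(cfg.read_text(encoding="utf-8"))["mcpServers"]
            items = sorted(servers.items())
        except (ValueError, KeyError, TypeError, AttributeError, OSError) as exc:
            # A config that cannot be parsed still needs a human look.
            findings.append({"file": rel, "server": None, "launch": None,
                             "review": f"unparsed ({type(exc).__name__})"})
            continue
        for name, spec in items:
            spec = spec if isinstance(spec, dict) else {}
            args = spec.get("args")
            args = args if isinstance(args, list) else []
            argv = [str(spec.get("command", ""))] + [str(a) for a in args]
            findings.append({"file": rel, "server": name,
                             "launch": " ".join(argv).strip(),
                             "review": "process definition from a workspace file"})
    return findings


def make_constructed_checkout(root):
    """Constructed sample: a checkout whose workspace config names one server."""
    cfg = Path(root) / WORKSPACE_MCP_CONFIG
    cfg.parent.mkdir(parents=True)
    cfg.write_text(json.dumps(
        {"mcpServers": {"docs-helper": {"command": "node", "args": ["tools/server.js"]}}}))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_constructed_checkout(tmp)
        for finding in audit_checkout(tmp):
            print(finding)
```

Any finding is a prompt to read the config by hand; an empty result only means no file exists at that path in the checkout.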