Amazon Q Flaw Enabled Cloud Credential Theft via Malicious Repositories

A serious vulnerability in Amazon Q Developer’s VS Code extension could let attackers steal cloud credentials just by getting a developer to open a malicious repository.

Wiz Research discovered the flaw and published technical details on Friday. The issue, tracked as CVE-2026-12957, was that the extension would automatically execute configuration files in a workspace without asking the user first. A booby-trapped repo could run attacker-controlled commands in the background the moment it was opened.

Think about that. You clone a repo for a job interview coding test, or you pull a dependency that’s been typosquatted, and suddenly your AWS credentials and API keys are being exfiltrated. No warning. No prompt. Just gone.

AWS was notified on April 20 and patched it on May 12. They published a security advisory this week. The fix is in language server version 1.65.0, which updates automatically in most cases.

Wiz noted this isn’t just an Amazon Q problem — similar issues have been found in other AI coding tools including Claude and Cursor. The underlying issue of auto-executing code without user consent is an industry-wide pattern that needs fixing.

If you use Amazon Q Developer, make sure your IDE has auto-updates enabled. If not, manually upgrade to the latest plugin version.
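One way to turn the upgrade advice above into a repeatable check, as an added example that is not code from Wiz, AWS or the Amazon Q project: compare the installed language server version against the patched minimum (1.65.0) numerically rather than lexically, since a naive string comparison would wrongly rank "1.9.0" above "1.65.0". The manifest path is a placeholder assumption, not a path documented by AWS; point it at wherever your IDE keeps the extension's package manifest.

```python
"""Check whether an installed Amazon Q language server meets the patched minimum.

Added example: PATCHED_MIN_VERSION comes from the AWS advisory cited in the article;
the manifest path below is a placeholder assumption, not a documented location.
"""
import json
import re
from pathlib import Path

PATCHED_MIN_VERSION = "1.65.0"  # fixed language server version named in the advisory

# Placeholder assumption: adjust to where your IDE stores the extension manifest
VERSION_FILE = Path("~/.vscode/extensions/PLACEHOLDER-amazon-q/package.json").expanduser()


def parse_version(text):
    """Split '1.65.0' (optionally 'v'-prefixed or with a '-pre'/'+build' suffix)
    into a tuple of ints so comparisons are numeric per component.

    Missing components count as 0, so '1.65' == '1.65.0'. Pre-release suffixes
    are ignored (a simplification: '2.0.0-beta' sorts as 2.0.0).
    Raises ValueError for strings that are not version-like.
    """
    m = re.fullmatch(r"v?(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:[-+].*)?", text.strip())
    if not m:
        raise ValueError(f"not a version string: {text!r}")
    return tuple(int(part) if part else 0 for part in m.groups())


def is_patched(installed, minimum=PATCHED_MIN_VERSION):
    """True when the installed version is at or above the patched minimum."""
    return parse_version(installed) >= parse_version(minimum)


def read_installed_version(manifest=VERSION_FILE):
    """Read the 'version' field from a package.json-style manifest; None if unreadable."""
    try:
        data = json.loads(manifest.read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return None
    return data.get("version")


def report(installed):
    """Human-readable verdict for the installed version (or None when unknown)."""
    if installed is None:
        return "version unknown: check the extension version manually"
    if is_patched(installed):
        return f"ok: {installed} >= {PATCHED_MIN_VERSION}"
    return f"UPDATE REQUIRED: {installed} < {PATCHED_MIN_VERSION}"


if __name__ == "__main__":
    print(report(read_installed_version()))
```

Run it on each developer workstation (or fold `is_patched` into an inventory script) to catch machines where auto-update is disabled or has silently failed.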
