
Amazon Q Flaw Enabled Cloud Credential Theft via Malicious Repositories

securityweek.com 2026-06-26 AI agent abuse Critical

What Happened

AWS has patched the vulnerability and published its own advisory to inform customers about the potential impact. The post Amazon Q Flaw Enabled Cloud Credential Theft via Malicious Repositories appeared first on SecurityWeek.

Why It Matters

According to the report, researchers at Wiz discovered a high-severity flaw in the Amazon Q Developer extensions and language server where configuration files in a malicious repository could auto-execute, spawn shells, and inherit the developer’s environment, enabling theft of cloud credentials and API keys as soon as the repo was opened.[1][2]

AWS has patched the issue (CVE-2026-12957 and CVE-2026-12958) across affected Amazon Q Developer plugins and language server versions and advises users to update, noting that newer versions add consent prompts and fix unsafe symlink handling.[1][2]

From a CyberSE.AI perspective, this illustrates how AI-powered coding agents and their tooling can be abused as privileged automation agents, turning a simple repo open into a full environment compromise, and highlights AI supply chain risks where IDE extensions and language servers silently change behavior. Organizations should harden their AI agent build and deployment process, continuously red-team AI-assisted developer workflows (including malicious repos and config payloads), and maintain SBOM-style visibility and version control over AI extensions and language servers used in development env

Healthcare Fintech SaaS SMB AI startups

CyberSE Analysis

This signal maps to AI agent abuse. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.

Recommended Actions

  • Restrict AI agent tool permissions and production write paths.
  • Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
  • Add human approval workflows for high-impact or state-changing actions.
  • Run prompt injection and indirect prompt injection tests against affected workflows.
  • Document the owner, control gap, and remediation deadline for this risk class.
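A pre-open hygiene check for untrusted checkouts, added here as an example and not taken from SecurityWeek, Wiz or AWS: it flags symlinks that resolve outside the repository and builds a credential-free environment for any tooling launched inside it. The report gives neither the config file names nor the detail of the symlink flaw, so the symlink rule, the variable-name denylist and the sample paths are assumptions.

```python
import os
import tempfile
from pathlib import Path

# Assumed denylist of name fragments that usually mark credentials or API keys.
# "AWS_" also drops harmless settings such as AWS_REGION; that is deliberate.
SENSITIVE_MARKERS = ("AWS_", "SECRET", "TOKEN", "API_KEY", "PASSWORD", "CREDENTIAL")

def escaping_symlinks(repo_root):
    """Return repo-relative symlinks whose target resolves outside repo_root."""
    root = Path(repo_root).resolve()
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = Path(dirpath) / name
            if not path.is_symlink():
                continue
            try:
                target = path.resolve()  # non-strict, so dangling links resolve too
            except (OSError, RuntimeError):  # symlink loop: treat as suspicious
                findings.append(str(path.relative_to(root)))
                continue
            if target != root and root not in target.parents:
                findings.append(str(path.relative_to(root)))
    return sorted(findings)

def scrubbed_env(env):
    """Copy of env without variables whose names suggest credentials."""
    return {k: v for k, v in env.items()
            if not any(marker in k.upper() for marker in SENSITIVE_MARKERS)}

def demo():
    """Constructed checkout: one link stays inside the repo, one escapes it."""
    with tempfile.TemporaryDirectory() as base:
        repo = Path(base) / "repo"
        (repo / "src").mkdir(parents=True)
        (repo / "src" / "main.py").write_text("print('hi')\n")
        outside = Path(base) / "home_secrets"  # stands in for a path outside the repo
        outside.mkdir()
        os.symlink(repo / "src" / "main.py", repo / "alias.py")  # inside: not flagged
        os.symlink(outside, repo / "config")                     # outside: flagged
        return escaping_symlinks(repo)

if __name__ == "__main__":
    print(demo())
    print(scrubbed_env({"PATH": "/usr/bin", "AWS_SESSION_TOKEN": "constructed"}))
```

Pass the result of `scrubbed_env(os.environ)` as the `env` argument when starting an editor or language server on a repository that has not been reviewed.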

Source

https://www.securityweek.com/amazon-q-flaw-enabled-cloud-credential-theft-via-malicious-repositories/
