Incident · curated 27 Jun 2026
First reported 26 Jun 2026 · today
Single-source incident — first reported, latest, and curated coincide.
AI coding assistants that auto-load MCP configs from untrusted repos can be turned into a credential-stealing and code-execution vector against developers.
A high-severity flaw (CVE-2026-12957, CVSS 8.5) in Amazon Q Developer's handling of Model Context Protocol (MCP) servers allowed a malicious repository to run commands and steal a developer's cloud credentials once the workspace was trusted. Amazon has patched the bug.
Why it matters
AI coding assistants that auto-load MCP configs from untrusted repos can be turned into a credential-stealing and code-execution vector against developers.