Adversaries could plant a malicious repository that executes arbitrary code and steals cloud credentials, showcasing MCP risk.

A flaw in Amazon Q Developer let malicious repositories inject rogue Model Context Protocol (MCP)...

CVE-2026-12957 in Amazon Q Developer allowed attackers to steal AWS credentials via malicious repos. Wiz Research found the flaw, now patched in version

Adversaries could plant a malicious repository that executes arbitrary code and steals cloud credentials, showcasing MCP risk.