// Alert

AWS threat report

// AWSHIGH

Two high-severity vulnerabilities (CVE-2026-12957, CVE-2026-12958) in Amazon Q Developer Extension for VS Code and other IDEs allowed remote code execution and AWS credential theft when developers opened malicious repositories containing an `.amazonq/mcp.json` file. The extension auto-loaded MCP server configurations without user consent, enabling attackers to exfiltrate AWS credentials, API keys, and SSH agent sockets. Patches available in Language Servers for AWS 1.69.0 and corresponding IDE extensions.

// Get alerts for AWS