Two high-severity vulnerabilities (CVE-2026-12957, CVE-2026-12958) in Amazon Q Developer Extension for VS Code and other IDEs allowed remote code execution and AWS credential theft when developers opened malicious repositories containing an `.amazonq/mcp.json` file. The extension auto-loaded MCP server configurations without user consent, enabling attackers to exfiltrate AWS credentials, API keys, and SSH agent sockets. Patches available in Language Servers for AWS 1.69.0 and corresponding IDE extensions.
Unit 42 researchers documented active attack techniques where threat actors disable or manipulate AWS CloudTrail logging to evade detection. Attackers can invoke the CloudTrail StopLogging API, delete log storage destinations, manipulate KMS encryption keys to render logs inaccessible, or redirect logs to attacker-controlled environments for persistent visibility. Organizations should enforce strict access controls on logging resources and leverage immutable log features.
A campaign tracked under Langflow vulnerability CVE-2026-33017 is being actively exploited to steal AWS access keys from compromised Langflow instances and enlist victim systems as workers in a NATS-based botnet. The flaw resides in Langflow, a third-party open-source AI workflow tool, but exposed deployments commonly hold AWS credentials used to wire Langflow into cloud services, making AWS customers running Langflow the primary loot target. Reporting describes ongoing in-the-wild exploitation of internet-exposed Langflow servers, with attackers exfiltrating cloud keys and deploying secondary payloads. AWS customers operating Langflow should patch to the fixed version, audit IAM credentials configured in Langflow flows, rotate any keys that may have been exposed, and review CloudTrail for anomalous activity originating from those keys. This is distinct from prior AWS-related advisories tracked in recent alerts.
AI observability startup Braintrust disclosed that an attacker gained unauthorized access to one of its AWS accounts, potentially exposing customer secrets used to connect Braintrust to cloud-based AI providers. The company detected suspicious activity on May 4, 2026, locked down the affected account, rotated internal credentials, restricted access to related systems, and engaged incident response experts. Braintrust has confirmed impact to one customer and is investigating suspicious AI-provider usage spikes reported by three additional customers, though it says broader exposure has not been identified. All organization administrators with stored AI provider keys were notified, and customers are urged to rotate any org-level AI provider keys used with Braintrust as a precaution. The incident illustrates AI supply chain risk, since stolen API keys can let attackers abuse downstream AI services while appearing as legitimate users.
Wasabi Protocol disclosed a security breach in which attackers exploited a vulnerability in its AWS infrastructure to obtain private keys controlling its smart contracts, resulting in the theft of approximately $5.7 million on April 30, 2026. About $4.8 million was taken from user funds and $900,000 from the project treasury across EVM vaults on Ethereum, Base, Blast, and Berachain; Solana deployments and Prop AMM were not affected. Wasabi states the vulnerability has been contained and unaffected vaults resumed withdrawals on May 2, with ZeroShadow engaged to trace the stolen funds. The reported issue concerns Wasabi's use of AWS rather than a confirmed flaw in AWS itself, and no AWS-side advisory has been published. No definitive user compensation plan has been announced.
Red Hat has disclosed a Linux kernel local privilege escalation vulnerability dubbed "Dirty Frag" (pending CVE, tracked as RHSB-2026-003) that affects Red Hat OpenShift Service on AWS (ROSA Classic) and ROSA with Hosted Control Plane, alongside other OpenShift variants. The flaw resides in kernel code paths reachable via the esp4, esp6, and rxrpc modules, enabling a local attacker to escalate privileges on cluster nodes. Patched kernels will be delivered via OpenShift z-stream updates through the OpenShift Update Service. As an interim mitigation, Red Hat recommends blacklisting the affected kernel modules, which does not require node reboots but will break workloads that depend on IPsec or related functionality. ROSA operators should apply the mitigation now and track z-stream availability for a permanent fix.
A command injection vulnerability has been disclosed affecting Amazon ECS on Windows, tracked publicly without a formal CVE identifier and rated medium severity. The flaw reportedly allows an attacker to inject operating system commands through the ECS Windows component, potentially leading to unauthorized command execution within affected container environments. No public reports of active exploitation have been identified, and AWS customers running ECS on Windows should review AWS security bulletins and apply mitigations or updates as they become available. Other sources reviewed did not contain AWS-specific security events and were excluded.
AWS published security bulletin AWS-2026-026 covering CVE-2026-31431. The bulletin appears on the official AWS security bulletins feed, indicating an advisory affecting an AWS service or component, though specific technical details, affected services, and remediation guidance were not retrievable from the provided excerpt. Customers should consult the AWS bulletin directly to determine impact and required action. The other sources referenced (Apache HTTP/2 RCE, Q1 2026 vulnerability landscape, and a CVE refresh-planning article) are not AWS-specific and were excluded.