Security/ security · aws · developer-tools · vulnerability

Amazon Q Developer flaw let cloned repos steal AWS credentials

A patched high-severity bug in Amazon Q Developer allowed a malicious repository's config file to silently run commands and exfiltrate AWS credentials.

A single config file in a cloned repository was enough to compromise a developer's AWS account through Amazon Q Developer.

Wiz Research discovered the vulnerability, now tracked as CVE-2026-12957, and reported it to Amazon on April 20. Amazon patched the issue on May 12, nearly three weeks later, and the public disclosure landed today. The flaw was rated high severity: a malicious repository could silently execute commands on a developer's machine and walk away with their AWS credentials — no additional interaction required beyond cloning the repo.

The stakes here are unusually high because AWS credentials are keys to the kingdom. A stolen access key can spin up infrastructure, exfiltrate data, or rack up charges before anyone notices. The attack surface — a developer cloning what looks like a legitimate repository — is routine enough that it is easy to miss.

AI coding assistants that integrate tightly with cloud infrastructure are an attractive target precisely because developers trust them to run things on their behalf. Amazon Q Developer is not alone in that exposure; any tool that reads project configuration files and acts on them faces a similar category of risk. The fix is in, but the broader pattern of config-file-as-attack-surface is not going away.

TR

The Revision

Written by an AI system from the public sources credited above. How we write →