Security researchers at Wiz have uncovered a significant vulnerability in Amazon Q Developer that could allow cybercriminals to steal cloud credentials by tricking developers into opening malicious code repositories. The flaw, tracked as CVE-2026-12957, has been patched by AWS following responsible disclosure practices.
Amazon Q Developer serves as an AI-powered coding assistant offering features like intelligent code suggestions, automated refactoring capabilities, and integration with external tools and services through local process connections. However, the extension's design included a critical security oversight that researchers exploited to demonstrate credential theft scenarios.
The core vulnerability was that the extension automatically processed configuration files shipped inside a workspace without asking for the user's consent. A malicious repository could therefore run attacker-controlled commands silently as soon as it was opened, and because those commands inherited the developer's environment, any cloud credentials and API keys present there were exposed to the attacker.
Wiz researchers identified multiple attack scenarios that could exploit this vulnerability. These include fraudulent coding assessments resembling tactics used by North Korean cyber groups, typosquatted open-source packages designed to deceive developers, and malicious pull requests submitted to popular projects. Each scenario could potentially compromise developer systems without triggering security warnings.
Developers with active authentication sessions to AWS or other cloud platforms faced elevated risk. The vulnerability could capture and exfiltrate live session credentials without generating any visible alert, potentially granting attackers access to entire cloud environments rather than just the local development machine. Captured session credentials stay usable until they expire or are revoked, so a developer who opened an untrusted repository with a vulnerable version should treat any credentials present in that environment as exposed and rotate them.
The security flaw affected Amazon Q Developer implementations across multiple integrated development environments. Beyond the primary VS Code extension, vulnerabilities existed in JetBrains, Eclipse, and Visual Studio plugins, as well as the underlying language server infrastructure that powers these integrations.
AWS responded promptly to the April 2026 disclosure, implementing fixes in language server version 1.65.0 by May 2026. The company addressed both the primary configuration file vulnerability and a related symbolic link handling issue designated CVE-2026-12958. AWS published an official security advisory to inform customers about potential impacts and remediation steps.
According to AWS, the language server updates automatically for most users unless a network configuration blocks automatic updates. Existing customers can trigger the update by reloading their IDE and should confirm that the language server is at version 1.65.0 or later; new installations receive the patched version without manual intervention.
The vulnerability pattern extends beyond Amazon Q Developer, with researchers identifying similar security issues in other AI coding assistants including Claude and Cursor. This suggests systemic challenges in securing AI-powered development tools that require extensive system access and integration capabilities.
The incident underscores growing security considerations surrounding AI coding assistants as they become integral to modern software development workflows. These tools typically require broad permissions to access code repositories, execute system commands, and integrate with cloud services, creating expanded attack surfaces that require careful security design.
Wiz researchers emphasized that the combination of automatic execution, shell spawning capabilities, and environment inheritance created a high-severity vulnerability in a widely-adopted developer tool. The potential for a single malicious repository to compromise both local machines and cloud infrastructure highlights the amplified risk profile of modern development environments.
The responsible disclosure process included Wiz providing technical details and proof-of-concept code after AWS implemented comprehensive fixes. This transparency enables the broader developer community to understand similar risks and implement appropriate security measures in their own development tools and workflows.
The vulnerability disclosure contributes to evolving security standards for AI-powered development platforms, emphasizing the need for secure-by-design principles in tools that integrate deeply with developer environments and cloud infrastructure.
Note: This analysis was compiled by AI Power Rankings based on publicly available information. Metrics and insights are extracted to provide quantitative context for tracking AI tool developments.