4 min read
News Brief CVE-2026-12957 lets a malicious repository silently execute arbitrary commands the moment a developer opens it in Amazon Q Developer, exfiltrating AWS credentials with no user interaction required.
amazon-q
CVE-2026-12957 lets a malicious repository silently execute arbitrary commands the moment a developer opens it in Amazon Q Developer, exfiltrating AWS credentials with no user interaction required.