CVE-2026-12957

Amazon Q Developer had a flaw that let a malicious repository run code and expose cloud credentials, according to Wiz Research. AWS says the issue is fixed, and customers are being urged to update affected plugins and language servers.