Amazon Q’s MCP Flaw Is an Industry Warning: AI Tools Still Lack Workspace Trust Standards

CVE-2026-12957 in Amazon Q Developer allowed malicious MCP server configs embedded in any opened repository to auto-execute as child processes, inheriting AWS credentials and API tokens with no user prompt. Wiz Research published a PoC; Amazon patched it in May 2026 (language server 1.65.0). This is at least the third MCP auto-execution CVE across major AI coding tools (also affecting Claude Code and Windsurf), all stemming from the same design flaw: workspace config files treated as trusted without explicit per-workspace user consent. The Model Context Protocol itself defines no trust baseline, leaving each vendor to implement their own — several getting it wrong. The recommended fix is a per-workspace consent check before any config spawns processes or makes network requests, similar to VS Code's workspace trust model introduced in 2021. Security teams should audit all AI coding tools in their developer fleets and ask vendors directly whether workspace configs execute without explicit consent.

Nguồn: https://latesthackingnews.com/2026/06/30/amazon-q-developer-vulnerability-mcp-trust-pattern. 8sync News chỉ tóm tắt và dẫn link; bản quyền nội dung thuộc tác giả và nguồn gốc.

Đề xuất cho bạn

dbushell60 Hot3 phút4 ngày trướcAITop

ARIA, anti-patterns, and you

ARIA Authoring Practices Guide (APG) không phải hướng dẫn tối ưu cho website mà chỉ minh …

#webdev#html#accessibility