<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <!--
    Feed-level metadata for the Vulnerability-Lookup "sightings" Atom feed
    (generated by python-feedgen).

    How to read the entries: each <entry> is one sighting record. Its
    <content> element has no "type" attribute, so Atom treats it as plain
    text. That text is a JSON object (uuid, vulnerability_lookup_origin,
    author, vulnerability, type, source, content, creation_timestamp) and
    must be JSON-decoded after XML unescaping.

    Timestamps: the feed <updated> and every entry <updated> fall within the
    same second, so they appear to reflect feed generation time rather than
    the sighting itself. <published> matches the JSON "creation_timestamp",
    so use that for ordering and de-duplication.

    Trust boundary: the JSON "content" string is text quoted from the
    third-party page named in "source" (social posts, news articles).
    Consumers should treat both fields as untrusted input: escape the text
    before rendering it, and validate the "source" URL before linking to it.
  -->
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-04T23:33:13.802654+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/5d17ac72-d7ec-4852-9da6-aeefb1ddf953/export</id>
    <title>5d17ac72-d7ec-4852-9da6-aeefb1ddf953</title>
    <updated>2026-07-04T23:33:13.822477+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "5d17ac72-d7ec-4852-9da6-aeefb1ddf953", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12957", "type": "seen", "source": "https://bsky.app/profile/marko.social/post/3mpgt7iwrtc25", "content": "One way to ship code faster than intended is CVE-2026-12957 and CVE-2026-12958: Issues in Language Servers for #AWS and Amazon Q Developer Plugins. Your #AI coding assistant now executes arbitrary commands from any workspace you open \ud83d\ude1c\n\n#security\n\naws.amazon.com/security/sec...", "creation_timestamp": "2026-06-29T15:41:33.587566Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/5d17ac72-d7ec-4852-9da6-aeefb1ddf953/export"/>
    <published>2026-06-29T15:41:33.587566+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/16536d06-bb2b-461b-858a-f536792f136b/export</id>
    <title>16536d06-bb2b-461b-858a-f536792f136b</title>
    <updated>2026-07-04T23:33:13.823876+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "16536d06-bb2b-461b-858a-f536792f136b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12957", "type": "seen", "source": "https://bsky.app/profile/royans.bsky.social/post/3mpd4xvyfrs2p", "content": "Amazon Q Developer: CVE-2026-12957 and MCP-Based Credential Exfiltration\n\n##AWS ##CloudSecurity ##VulnerabilityAnalysis ##AI_Security ##AmazonQ\n\nhttps://flagthis.com/newsletter/2026/06/28/tldr/4020", "creation_timestamp": "2026-06-28T04:25:37.033470Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/16536d06-bb2b-461b-858a-f536792f136b/export"/>
    <published>2026-06-28T04:25:37.033470+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/8e87bac5-f63d-44da-959b-94d4c2c1de98/export</id>
    <title>8e87bac5-f63d-44da-959b-94d4c2c1de98</title>
    <updated>2026-07-04T23:33:13.823991+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "8e87bac5-f63d-44da-959b-94d4c2c1de98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12957", "type": "seen", "source": "https://bsky.app/profile/deafnews-auto.bsky.social/post/3mpbn2p2k3h2m", "content": "CVE-2026-12957: Cloud Credential Theft via Amazon Q Developer", "creation_timestamp": "2026-06-27T14:08:11.335782Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/8e87bac5-f63d-44da-959b-94d4c2c1de98/export"/>
    <published>2026-06-27T14:08:11.335782+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/069aa58c-03fe-4612-88fb-204fec90c1f4/export</id>
    <title>069aa58c-03fe-4612-88fb-204fec90c1f4</title>
    <updated>2026-07-04T23:33:13.824085+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "069aa58c-03fe-4612-88fb-204fec90c1f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12957", "type": "seen", "source": "https://bsky.app/profile/sec-news-bot.bsky.social/post/3mpbcmqinxk2q", "content": "Amazon Q Developer \u306e\u8106\u5f31\u6027\u3001\u60aa\u610f\u3042\u308bMCP\u8a2d\u5b9a\u3067\u8a8d\u8a3c\u60c5\u5831\u76d7\u96e3\u306e\u53ef\u80fd\u6027\n\nAmazon \u304c CVE-2026-12957 \u3092\u4fee\u6b63\u3002Amazon Q Developer \u306e\u9ad8\u6df1\u523b\u5ea6\u306e\u8106\u5f31\u6027\u3067\u3001\u60aa\u610f\u3042\u308b\u30ea\u30dd\u30b8\u30c8\u30ea\u306e MCP \u8a2d\u5b9a\u304c\u30b3\u30de\u30f3\u30c9\u5b9f\u884c\u3068 AWS \u8a8d\u8a3c\u60c5\u5831\u306e\u7a83\u53d6\u3092\u53ef\u80fd\u306b\u3057\u3066\u3044\u305f\u3002\u958b\u767a\u8005\u74b0\u5883\u3078\u306e\u76f4\u63a5\u7684\u306a\u8105\u5a01\u306e\u305f\u3081\u65e9\u671f\u306e\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u304c\u5fc5\u9808\u3002\n\n#CVE #\u8106\u5f31\u6027 #\u60c5\u5831\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3", "creation_timestamp": "2026-06-27T11:01:25.670960Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/069aa58c-03fe-4612-88fb-204fec90c1f4/export"/>
    <published>2026-06-27T11:01:25.670960+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c967c63f-11fc-4ee7-871d-5bed8f1c9b74/export</id>
    <title>c967c63f-11fc-4ee7-871d-5bed8f1c9b74</title>
    <updated>2026-07-04T23:33:13.824174+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "c967c63f-11fc-4ee7-871d-5bed8f1c9b74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12957", "type": "seen", "source": "https://bsky.app/profile/suriq.io/post/3mpazh4cpkp24", "content": "Opening a repo could run a stranger's code as you, with your AWS keys attached.\n\nThat was Amazon Q Developer (CVE-2026-12957). It's patched.\n\nUse it? Move to 1.69.0 and confirm the build actually updated.", "creation_timestamp": "2026-06-27T08:17:12.993103Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c967c63f-11fc-4ee7-871d-5bed8f1c9b74/export"/>
    <published>2026-06-27T08:17:12.993103+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/3cc80f9e-a67a-4b78-847f-a3ae4368fa39/export</id>
    <title>3cc80f9e-a67a-4b78-847f-a3ae4368fa39</title>
    <updated>2026-07-04T23:33:13.824261+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "3cc80f9e-a67a-4b78-847f-a3ae4368fa39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12957", "type": "seen", "source": "https://thehackernews.com/2026/06/amazon-q-developer-flaw-could-let.html", "content": "A high-severity flaw in Amazon Q Developer let a malicious repository run commands and steal a developer's cloud credentials. The path was short: a developer opens the repo, trusts the workspace, and Amazon Q does the rest. Amazon has patched it.\n\nTracked as\u00a0CVE-2026-12957\u00a0(CVSS 8.5), the bug sat in how Amazon's AI coding assistant handled Model Context Protocol (MCP) servers.\n\nWiz", "creation_timestamp": "2026-06-27T01:00:39.473263Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/3cc80f9e-a67a-4b78-847f-a3ae4368fa39/export"/>
    <published>2026-06-27T01:00:39.473263+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/5d8adbb4-fa1c-4c0b-a07f-2696c5f91714/export</id>
    <title>5d8adbb4-fa1c-4c0b-a07f-2696c5f91714</title>
    <updated>2026-07-04T23:33:13.824340+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "5d8adbb4-fa1c-4c0b-a07f-2696c5f91714", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12957", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mp7qblry4c2q", "content": "Amazon Q Developer: CVE-2026-12957 could let malicious repos run commands via MCP configs and steal cloud creds. Update Amazon Q and avoid opening untrusted repos. #Cybersecurity #Vulnerability #IdentitySecurity\n\nSource: https://thehackernews.com/2026/06/amazon-q-developer-flaw-could-let.html", "creation_timestamp": "2026-06-26T20:00:24.914690Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/5d8adbb4-fa1c-4c0b-a07f-2696c5f91714/export"/>
    <published>2026-06-26T20:00:24.914690+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/de8a8e3b-69f5-448b-ac17-7f87781536fd/export</id>
    <title>de8a8e3b-69f5-448b-ac17-7f87781536fd</title>
    <updated>2026-07-04T23:33:13.824421+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "de8a8e3b-69f5-448b-ac17-7f87781536fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12957", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mp7pguzazz2n", "content": "Wiz found a high-severity flaw in Amazon Q Developer for VS Code that could expose cloud credentials when a malicious repo is opened. AWS patched CVE-2026-12957 and CVE-2026-12958. #AmazonQ #AWS #Wiz", "creation_timestamp": "2026-06-26T19:45:27.498357Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/de8a8e3b-69f5-448b-ac17-7f87781536fd/export"/>
    <published>2026-06-26T19:45:27.498357+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/bd81ea59-028e-4b94-af34-f37c2bc66d3d/export</id>
    <title>bd81ea59-028e-4b94-af34-f37c2bc66d3d</title>
    <updated>2026-07-04T23:33:13.824502+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "bd81ea59-028e-4b94-af34-f37c2bc66d3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12957", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mp7ooqvx5u2n", "content": "Amazon Q Developer Flaw CVE-2026-12957: When Opening a Repository Hands Over Your AWS Keys +\u00a0Video\n\nIntroduction: The integration of AI coding assistants into development workflows has introduced a new and insidious attack vector: the trusted workspace. A recently patched high-severity\u2026", "creation_timestamp": "2026-06-26T19:31:58.534442Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/bd81ea59-028e-4b94-af34-f37c2bc66d3d/export"/>
    <published>2026-06-26T19:31:58.534442+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/d5844da1-e611-46d3-aa3e-22e9cc425a61/export</id>
    <title>d5844da1-e611-46d3-aa3e-22e9cc425a61</title>
    <updated>2026-07-04T23:33:13.824592+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "d5844da1-e611-46d3-aa3e-22e9cc425a61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12957", "type": "seen", "source": "https://thehackernews.com/2026/06/amazon-q-developer-flaw-could-let.html", "content": "A high-severity flaw in Amazon Q Developer let a malicious repository run commands and steal a developer's cloud credentials. The path was short: a developer opens the repo, trusts the workspace, and Amazon Q does the rest. Amazon has patched it.\n\nTracked as\u00a0CVE-2026-12957\u00a0(CVSS 8.5), the bug sat in how Amazon's AI coding assistant handled Model Context Protocol (MCP) servers.\n\nWiz", "creation_timestamp": "2026-06-26T19:00:42.880381Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/d5844da1-e611-46d3-aa3e-22e9cc425a61/export"/>
    <published>2026-06-26T19:00:42.880381+00:00</published>
  </entry>
</feed>
