The Wire
Agents

NSA issues official MCP hardening guidance after Amazon Q auto-execution CVEs (CVSS 8.5) enable AWS credential theft

Wizhigh signal

Wiz Research disclosed CVE-2026-12957 and CVE-2026-12958 in Amazon Q Developer, where the agent auto-loaded MCP server configs from a repo's .amazonq/mcp.json without consent or workspace-trust checks, allowing a booby-trapped repository to achieve arbitrary code execution and steal AWS credentials. In July the NSA responded with an official MCP Cybersecurity Information Sheet detailing the inverted client-server pattern, unverified task propagation, and arbitrary-code-execution exposure. The episode is now the reference case for why coding agents must never treat workspace files as trusted config.

Follow the thread