THREATOPS
THREAT OPSThreat News › MCP Auto-Execution: From Git Clone to Cloud Compromise in Amazon Q VS Code Extension

MCP Auto-Execution: From Git Clone to Cloud Compromise in Amazon Q VS Code Extension

lowwiz_researchPublished 2026-06-26

By automatically loading MCP servers from workspace files, Amazon Q enabled attackers to execute code and access sensitive cloud environments.

Original source: https://www.wiz.io/blog/amazon-q-vulnerability