CVE-2026-12957 and a cluster of related CVEs in the Amazon Q Developer plugin stem from a trust boundary failure in the Model Context Protocol (MCP) implementation: a malicious configuration file in a repository can automatically exfiltrate the developer’s active AWS session credentials when the workspace is opened. A related flaw in Anthropic Claude Code (CVE-2026-39861) confirms that this is a systemic MCP architecture problem across AI coding assistants, not an isolated bug.
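A defender-side check for the pattern described above, added here as an example and not taken from the advisory or either vendor: it lists every MCP server a checked-out repository would define, reading the files as data only, so the workspace can be reviewed before it is opened in an assistant-enabled IDE. The config file locations and the `mcpServers`/`command`/`args`/`env` schema are assumptions; adjust them to what your tool actually reads.

```python
import json
import os

# Assumed workspace-level MCP config locations; not taken from the advisory.
ASSUMED_CONFIG_PATHS = (".mcp.json", os.path.join(".amazonq", "mcp.json"))
# Assumed schema: {"mcpServers": {name: {"command", "args", "env", "url"}}}
SERVERS_KEY = "mcpServers"


def audit_repo(repo_root, config_paths=ASSUMED_CONFIG_PATHS):
    """Return one finding per MCP server the repository would define.

    Nothing from the repository is executed; files are parsed as JSON only.
    """
    findings = []
    for rel in config_paths:
        path = os.path.join(repo_root, rel)
        if not os.path.isfile(path):
            continue
        try:
            with open(path, encoding="utf-8") as fh:
                doc = json.load(fh)
        except (OSError, ValueError) as exc:
            # A config that cannot be parsed still deserves a manual look.
            findings.append({"file": rel, "server": None, "launch": None,
                             "env_keys": [],
                             "note": f"unreadable: {exc.__class__.__name__}"})
            continue
        servers = doc.get(SERVERS_KEY) if isinstance(doc, dict) else None
        for name, spec in (servers if isinstance(servers, dict) else {}).items():
            spec = spec if isinstance(spec, dict) else {}
            args = spec.get("args")
            args = [str(a) for a in args] if isinstance(args, list) else []
            launch = " ".join([str(spec.get("command", ""))] + args).strip()
            env = spec.get("env")
            findings.append({
                "file": rel,
                "server": name,
                # Local command line, or remote endpoint if no command is set.
                "launch": launch or str(spec.get("url", "")),
                # Variable names the config sets for the server process.
                "env_keys": sorted(env) if isinstance(env, dict) else [],
                "note": "repo-supplied MCP server; review before opening",
            })
    return findings


if __name__ == "__main__":
    import sys
    for finding in audit_repo(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(finding)
```

Run it against a fresh clone from a plain terminal, before the directory is opened as a workspace; any finding means the repository itself, not the developer, is choosing what the assistant will launch or connect to.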