Attackers don't need any special authentication to reach a target endpoint — they just need to know where it is.
CVE-2026-12957 in Amazon Q is the third MCP auto-execution vulnerability in three AI coding tools. The pattern reveals a ...