Language%20Servers%20for%20AWS

Language Servers for AWS

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2026-12958

Assigner-Amazon

View Details

Assigner-Amazon

CVSS Score-8.5||HIGH

EPSS-Not Assigned

Published-23 Jun, 2026 | 16:03

Updated-23 Jun, 2026 | 18:17

Arbitrary file write in Language Servers for AWS

Missing symlink validation in Language Servers for AWS may allow an arbitrary file write outside of the workspace trust boundary. This may occur when a local user opens a workspace with a maliciously crafted symlink that resolves to a file path outside the workspace trust boundary. To remediate this issue, users should upgrade to version 1.69.0 or higher.

Vendor-Amazon Web Services

Product-Language Servers for AWS

CWE ID-CWE-61

UNIX Symbolic Link (Symlink) Following

CVE-2026-12957

Assigner-Amazon

View Details

Assigner-Amazon

CVSS Score-8.5||HIGH

EPSS-Not Assigned

Published-23 Jun, 2026 | 16:02

Updated-23 Jun, 2026 | 18:17

Arbitrary Code Execution in Language Servers for AWS

Improper trust boundary enforcement in Language Servers for AWS before version 1.65.0 on all supported platforms may allow a for arbitrary code execution. If a local user opens a maliciously crafted workspace, any commands within the project configuration files may be automatically executed. This issue requires the user to trust the workspace when prompted. To remediate this issue, users should upgrade to Language Servers for AWS version 1.65.0 or higher.

Vendor-Amazon Web Services

Product-Language Servers for AWS

CWE ID-CWE-732

Incorrect Permission Assignment for Critical Resource