PT-2026-51547 · Amazon Web Services · Language Servers For Aws
Publicado
2026-06-23
·
Atualizado
2026-06-23
·
CVE-2026-12957
CVSS v3.1
7.8
Alta
| Vetor | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Improper trust boundary enforcement in Language Servers for AWS before version 1.65.0 on all supported platforms may allow a for arbitrary code execution. If a local user opens a maliciously crafted workspace, any commands within the project configuration files may be automatically executed. This issue requires the user to trust the workspace when prompted.
To remediate this issue, users should upgrade to Language Servers for AWS version 1.65.0 or higher.
Correção
Incorrect Permission
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Language Servers For Aws