PT-2026-51547 · Amazon Web Services · Language Servers For Aws

Published

2026-06-23

Updated

2026-06-23

CVE-2026-12957

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Improper trust boundary enforcement in Language Servers for AWS before version 1.65.0 on all supported platforms may allow a for arbitrary code execution. If a local user opens a maliciously crafted workspace, any commands within the project configuration files may be automatically executed. This issue requires the user to trust the workspace when prompted.

To remediate this issue, users should upgrade to Language Servers for AWS version 1.65.0 or higher.

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2026-12957

Affected Products

Language Servers For Aws

PT-2026-51547 · Amazon Web Services · Language Servers For Aws

CVE-2026-12957

Weakness Enumeration

Related Identifiers

Affected Products

References · 3