PT-2026-51548 · Amazon Web Services · Language Servers For Aws

Published

2026-06-23

Updated

2026-06-23

CVE-2026-12958

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Missing symlink validation in Language Servers for AWS may allow an arbitrary file write outside of the workspace trust boundary. This may occur when a local user opens a workspace with a maliciously crafted symlink that resolves to a file path outside the workspace trust boundary.

To remediate this issue, users should upgrade to version 1.69.0 or higher.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-61

Related Identifiers

CVE-2026-12958

Affected Products

Language Servers For Aws

PT-2026-51548 · Amazon Web Services · Language Servers For Aws

CVE-2026-12958

Weakness Enumeration

Related Identifiers

Affected Products

References · 3