vulnerability context

CVE-2026-12957

CVSS 7.8 HIGHEPSS 2.0%CWE-732OTX 1 pulse

Improper trust boundary enforcement in Language Servers for AWS before version 1.65.0 on all supported platforms may allow a for arbitrary code execution. If a local user opens a maliciously crafted workspace, any commands within the project configuration files may be automatically executed. This issue requires the user to trust the workspace when prompted. To remediate this issue, users should upgrade to Language Servers for AWS version 1.65.0 or higher.

Published 2026-06-23 · last modified 2026-06-23

details

CISA KEV status: Not in catalog
CVSS v3: 7.8 / HIGH
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 2.0% percentile (score 0.0012)
CWE: CWE-732
OTX pulses: 1 total, 0 recent

View on NVD → · cve.org

source mentions 2

source consensus

Bluesky1×
AWS Security Bulletins1×

Want the 3-bullet summary of CVE-2026-12957, plus webhook alerts when KEV is updated? Pro is $10/mo.

Open in reader See Pro →