Vulnerability intelligence
CVE-2026-12957
Improper trust boundary enforcement in Language Servers for AWS before version 1.65.0 on all supported platforms may allow a for arbitrary code execution. If a local user opens a maliciously crafted workspace, any commands within the project configuration files may be automatically executed. This issue requires the user to trust the workspace when prompted. To remediate this issue, users should upgrade to Language Servers for AWS version 1.65.0 or higher.
CVSS Score
8.5
High
EPSS — Exploit Probability
0.1%
Riskier than 2% of all CVEs
Exploitation
Not in CISA KEV
No federal exploitation record
Remediation
unknown
Check vendor advisories
1 article across 1 outlet · first covered Jun 26, 2026 · latest Jun 26, 2026
Tracked incidents
Coverage timeline
-
Amazon Q Flaw Enabled Cloud Credential Theft via Malicious Repositorieswww.securityweek.com · Jun 26, 2026