Improper Trust Boundary Enforcement in Language Servers for AWS
CVE-2026-12957

8.5 HIGH

What is CVE-2026-12957?

An improper trust boundary enforcement vulnerability in Language Servers for AWS prior to version 1.65.0 can allow arbitrary code execution. It is triggered when a local user opens a maliciously crafted workspace, which can lead to the automatic execution of commands contained in the project's configuration files. Users must exercise caution and ensure they trust the workspace when prompted, since exploitation of this vulnerability can result in significant security concerns. To mitigate this risk, upgrading to Language Servers for AWS version 1.65.0 or higher is strongly recommended.

Affected Version(s)

Language Servers for AWS 0 < 1.65.0

CVSS V4

Score: 8.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved
