Skip to main content

Language Servers for AWS CVE-2026-12957

| EUVDEUVD-2026-38488 HIGH
Incorrect Permission Assignment for Critical Resource (CWE-732)
2026-06-23 AMZN
8.5
CVSS 4.0 · Vendor: AMZN
Share

Severity by source

Vendor (AMZN) PRIMARY
8.5 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.8 HIGH

Local workspace delivery (AV:L), no auth needed against the language server (PR:N), but victim must actively accept trust prompt (UI:R); full host code execution yields C/I/A:H.

3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (AMZN).

CVSS VectorVendor: AMZN

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

2
Patch available
Jun 23, 2026 - 18:17 EUVD
Analysis Generated
Jun 23, 2026 - 17:00 vuln.today

DescriptionCVE.org

Improper trust boundary enforcement in Language Servers for AWS before version 1.65.0 on all supported platforms may allow a for arbitrary code execution. If a local user opens a maliciously crafted workspace, any commands within the project configuration files may be automatically executed. This issue requires the user to trust the workspace when prompted.

To remediate this issue, users should upgrade to Language Servers for AWS version 1.65.0 or higher.

AnalysisAI

Arbitrary code execution in AWS Language Servers prior to version 1.65.0 allows attackers to run commands on a developer's machine when a victim opens and trusts a maliciously crafted workspace. The flaw stems from improper trust boundary enforcement (CWE-732) that causes commands embedded in project configuration files to execute automatically. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Attacker crafts malicious workspace with embedded commands
Delivery
Victim clones or downloads repository
Exploit
Victim opens folder in IDE with AWS language server
Install
Victim accepts workspace trust prompt
C2
Language server parses project config
Execute
Embedded commands execute as developer user
Impact
Attacker steals AWS credentials and source code

Vulnerability AssessmentAI

Exploitation Exploitation requires (1) the victim to have an AWS Language Servers build older than 1.65.0 installed via an AWS-integrated IDE extension, (2) the victim to open an attacker-controlled workspace containing crafted project configuration files, and (3) the victim to click 'Trust' on the IDE's workspace-trust prompt - the description explicitly states 'This issue requires the user to trust the workspace when prompted.' Exploitation is local (AV:L) and does not require any pre-existing credentials or elevated privileges (PR:N), but the workspace-trust dialog is a meaningful limiting factor: developers who decline trust on unknown repositories are not exposed, and there is no network-remote or zero-click variant. Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H) reflects a high-impact local issue: an attacker needs only to deliver a crafted workspace (e.g., a malicious repository) and the victim must perform the passive action of opening it and accepting the trust prompt - a click developers make routinely. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker publishes a tutorial repository, sample CDK project, or pull-request branch containing crafted AWS project configuration files with embedded commands. A developer clones the repo and opens it in their IDE; when the workspace-trust prompt appears, they click 'Trust' (a routine action), and the AWS language server initializes the project and executes the attacker's commands under the developer's account, yielding access to AWS credentials, SSH keys, and source code.
Remediation Vendor-released patch: Language Servers for AWS 1.65.0 - upgrade to this version or later, which is the primary fix per the AWS security bulletin at https://aws.amazon.com/security/security-bulletins/2026-047-aws/. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Immediately (24 hours): Inventory all development systems running AWS Language Servers and disable automatic workspace trust functionality; require explicit security approval before opening any external projects. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-12957 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy