Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local workspace delivery (AV:L), no auth needed against the language server (PR:N), but victim must actively accept trust prompt (UI:R); full host code execution yields C/I/A:H.
Primary rating from Vendor (AMZN).
CVSS VectorVendor: AMZN
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
Improper trust boundary enforcement in Language Servers for AWS before version 1.65.0 on all supported platforms may allow a for arbitrary code execution. If a local user opens a maliciously crafted workspace, any commands within the project configuration files may be automatically executed. This issue requires the user to trust the workspace when prompted.
To remediate this issue, users should upgrade to Language Servers for AWS version 1.65.0 or higher.
Articles & Coverage 1
AnalysisAI
Arbitrary code execution in AWS Language Servers prior to version 1.65.0 allows attackers to run commands on a developer's machine when a victim opens and trusts a maliciously crafted workspace. The flaw stems from improper trust boundary enforcement (CWE-732) that causes commands embedded in project configuration files to execute automatically. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires (1) the victim to have an AWS Language Servers build older than 1.65.0 installed via an AWS-integrated IDE extension, (2) the victim to open an attacker-controlled workspace containing crafted project configuration files, and (3) the victim to click 'Trust' on the IDE's workspace-trust prompt - the description explicitly states 'This issue requires the user to trust the workspace when prompted.' Exploitation is local (AV:L) and does not require any pre-existing credentials or elevated privileges (PR:N), but the workspace-trust dialog is a meaningful limiting factor: developers who decline trust on unknown repositories are not exposed, and there is no network-remote or zero-click variant. Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H) reflects a high-impact local issue: an attacker needs only to deliver a crafted workspace (e.g., a malicious repository) and the victim must perform the passive action of opening it and accepting the trust prompt - a click developers make routinely. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker publishes a tutorial repository, sample CDK project, or pull-request branch containing crafted AWS project configuration files with embedded commands. A developer clones the repo and opens it in their IDE; when the workspace-trust prompt appears, they click 'Trust' (a routine action), and the AWS language server initializes the project and executes the attacker's commands under the developer's account, yielding access to AWS credentials, SSH keys, and source code. |
| Remediation | Vendor-released patch: Language Servers for AWS 1.65.0 - upgrade to this version or later, which is the primary fix per the AWS security bulletin at https://aws.amazon.com/security/security-bulletins/2026-047-aws/. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Immediately (24 hours): Inventory all development systems running AWS Language Servers and disable automatic workspace trust functionality; require explicit security approval before opening any external projects. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Language Servers For Aws
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38488