Skip to main content

Language Servers for AWS CVE-2026-12958

| EUVDEUVD-2026-38489 HIGH
UNIX Symbolic Link (Symlink) Following (CWE-61)
2026-06-23 AMZN
8.5
CVSS 4.0 · Vendor: AMZN
Share

Severity by source

Vendor (AMZN) PRIMARY
8.5 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.8 HIGH

Local vector via opened workspace, no prior privileges needed but victim must open the project (UI:R); arbitrary file write yields high C/I/A on user files.

3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (AMZN).

CVSS VectorVendor: AMZN

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

2
Patch available
Jun 23, 2026 - 18:17 EUVD
Analysis Generated
Jun 23, 2026 - 17:00 vuln.today

DescriptionCVE.org

Missing symlink validation in Language Servers for AWS may allow an arbitrary file write outside of the workspace trust boundary. This may occur when a local user opens a workspace with a maliciously crafted symlink that resolves to a file path outside the workspace trust boundary.

To remediate this issue, users should upgrade to version 1.69.0 or higher.

AnalysisAI

Arbitrary file write in AWS Language Servers (versions prior to 1.69.0) allows a local attacker to escape the workspace trust boundary by tricking a user into opening a workspace containing a maliciously crafted symbolic link. Because the language server fails to validate symlink targets, files written through normal language-server operations can land at arbitrary paths on disk, enabling tampering with sensitive files outside the workspace. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Attacker crafts repository with malicious symlink
Delivery
Victim clones and opens workspace in IDE
Exploit
AWS Language Server processes workspace files
Execution
Symlink target resolved outside workspace
Persist
Arbitrary file written to sensitive path
Impact
Attacker leverages overwritten file for escalation

Vulnerability AssessmentAI

Exploitation Requires a local developer to open a workspace that the attacker controls (a cloned repository, extracted archive, or shared folder) containing a symbolic link whose target points outside the workspace directory, on a host where AWS Language Servers prior to 1.69.0 is active in the IDE. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H) is a high 8.5 because the impact on confidentiality, integrity and availability of the local user's files is significant, but exploitation is gated by local attack vector and active user interaction (UI:P) - the victim must open the attacker's workspace. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker publishes a repository (for example on a public Git host) that contains a symlink such as ./config -> /home/victim/.aws/credentials; a developer clones it and opens it in an IDE running AWS Language Servers. When the language server performs a routine file write through that path, it follows the symlink and overwrites or creates content at the attacker-chosen location, allowing tampering with SSH keys, shell rc files, or AWS credentials to pivot further.
Remediation Vendor-released patch: upgrade Language Servers for AWS to version 1.69.0 or later as directed by AWS security bulletin 2026-047 (https://aws.amazon.com/security/security-bulletins/2026-047-aws/), and update any IDE extensions or toolkits that embed the language server so the bundled version is also at 1.69.0+. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Conduct inventory of AWS Language Server deployments; document all versions currently in use and affected systems. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-12958 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy