CVE-2026-12958
HIGH SEVERITYCVSS Score & Metrics
Base Score
7.8 / 10
Vector String
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Description
Missing symlink validation in Language Servers for AWS may allow an arbitrary file write outside of the workspace trust boundary. This may occur when a local user opens a workspace with a maliciously crafted symlink that resolves to a file path outside the workspace trust boundary.
To remediate this issue, users should upgrade to version 1.69.0 or higher.
To remediate this issue, users should upgrade to version 1.69.0 or higher.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-61
Source
NVD
Vendor
Amazon Web Services
Product
Language Servers for AWS
Discussion (0)
Add Comment
No comments yet. Be the first!