AWS Language Servers for AWS LPE via Insecure Trust Boundaries and Symlink Validation (CVE-2026-12957/CVE-2026-12958)
Security AdvisoryCVE-2026-12957UnknownAWS
Affected:
- Language Servers for AWS < 1.69.0
- Amazon Q Developer for Visual Studio Code < 2.20
- Amazon Q Developer for JetBrains < 4.3
- Amazon Q Developer for Eclipse < 2.7.4
- AWS Toolkit with Amazon Q for Visual Studio < 1.94.0.0
Fixed in:
- Language Servers for AWS 1.69.0
- Amazon Q Developer for Visual Studio Code >= 2.20
- Amazon Q Developer for JetBrains >= 4.3
- Amazon Q Developer for Eclipse >= 2.7.4
- AWS Toolkit with Amazon Q for Visual Studio >= 1.94.0.0
Referenced CVEs: CVE-2026-12958 · 7.8 CVE-2026-12957 · 7.8
文章内图片已隐藏以节省流量 · Upgrade to Pro to view images & offline archive
This content was auto-fetched from aws.amazon.com, cleaned by our LLM pipeline, and translated to English. View original.