AWS Language Servers for AWS LPE via Insecure Trust Boundaries and Symlink Validation (CVE-2026-12957/CVE-2026-12958)
Security AdvisoryCVE-2026-12957UnknownAWS
Affected:
- Language Servers for AWS < 1.69.0
- Amazon Q Developer for Visual Studio Code < 2.20
- Amazon Q Developer for JetBrains < 4.3
- Amazon Q Developer for Eclipse < 2.7.4
- AWS Toolkit with Amazon Q for Visual Studio < 1.94.0.0
Fixed in:
- Language Servers for AWS 1.69.0
- Amazon Q Developer for Visual Studio Code >= 2.20
- Amazon Q Developer for JetBrains >= 4.3
- Amazon Q Developer for Eclipse >= 2.7.4
- AWS Toolkit with Amazon Q for Visual Studio >= 1.94.0.0
文章内图片已隐藏以节省流量 · 升级 Pro 后可见图片及离线存档
本文由本平台从 aws.amazon.com 自动抓取,经 LLM 流水线清洗、双语翻译。版权归原作者。查看原文。