CVE-2026-12958
HighCVSS 7.8Summary
Missing symlink validation in Language Servers for AWS may allow an arbitrary file write outside of the workspace trust boundary. This may occur when a local user opens a workspace with a maliciously crafted symlink that resolves to a file path outside the workspace trust boundary.
Risk Assessment
The organization may be exposed to unauthorized file access and potential data leaks, which could lead to serious legal and reputational consequences.
Recommendation
It is recommended to upgrade to version 1.69.0 or higher to remediate this vulnerability.
Original NVD description (English source)
Missing symlink validation in Language Servers for AWS may allow an arbitrary file write outside of the workspace trust boundary. This may occur when a local user opens a workspace with a maliciously crafted symlink that resolves to a file path outside the workspace trust boundary. To remediate this issue, users should upgrade to version 1.69.0 or higher.

