CVE Catalog

CVE-2026-12958

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Summary

Missing symlink validation in Language Servers for AWS may allow an arbitrary file write outside of the workspace trust boundary. This may occur when a local user opens a workspace with a maliciously crafted symlink that resolves to a file path outside the workspace trust boundary.

Risk Assessment

The organization may be exposed to unauthorized file access and potential data leaks, which could lead to serious legal and reputational consequences.

Recommendation

It is recommended to upgrade to version 1.69.0 or higher to remediate this vulnerability.

Original NVD description (English source)

Missing symlink validation in Language Servers for AWS may allow an arbitrary file write outside of the workspace trust boundary. This may occur when a local user opens a workspace with a maliciously crafted symlink that resolves to a file path outside the workspace trust boundary. To remediate this issue, users should upgrade to version 1.69.0 or higher.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS