Free practical cybersecurity guidance for organisations without a security team.
hello@actionsoncyber.com
← Back to Vulnerability Briefs

Security Flaw in AWS Language Servers Could Let Malicious Code Run

A security weakness has been found in AWS Language Servers that could allow harmful code to run automatically if a user opens a risky project workspace and trusts it. This matters because it could let attackers take control of systems if the vulnerable software is used.

28 June 2026

Reference: CVE-2026-12957

1. What is being reported?

The issue involves AWS Language Servers before version 1.65.0, where if a user opens a specially crafted project workspace and agrees to trust it, commands in the project files may run without further checks. This could let attackers execute harmful code on the computer.

2. What this means in plain English

If your organisation uses AWS Language Servers and someone opens a project from an untrusted source, attackers might run dangerous commands on your system. This could lead to data loss, theft, or disruption of your IT systems.

3. Could this affect a small business?

Small businesses or charities using AWS Language Servers in their software development or IT setup could be affected. If you do not use this software or do not open project workspaces from unknown sources, you are less likely to be at risk.

4. What to do now

  • Check if your organisation uses AWS Language Servers and identify the version installed.
  • If you use this software, upgrade it to version 1.65.0 or later as soon as possible.
  • Avoid opening project workspaces from unknown or untrusted sources.
  • Ask your IT provider to confirm that your systems are protected against this vulnerability.

5. Ask your IT provider

Can you confirm whether our AWS Language Servers are updated to version 1.65.0 or higher to protect against the recent code execution vulnerability?

6. Bottom line

Keep your AWS Language Servers updated and only trust project workspaces from reliable sources to reduce risk.

Information from NVD, CISA KEV, and reputable security news reporting.

Back to Vulnerability Briefs