CVE-2026-12957 & 12958: Amazon Q Developer Flaws
🟠 High | Source: AWS Security Bulletins

Two vulnerabilities have been identified in Language Servers for AWS, the runtime underpinning Amazon Q Developer’s IDE plugins for VS Code, JetBrains, Eclipse, and Visual Studio. CVE-2026-12957 allows arbitrary command execution when a user opens and trusts a maliciously crafted workspace, whilst CVE-2026-12958 enables path traversal outside the workspace boundary via a crafted symlink. Both issues are patched in Language Servers for AWS version 1.69.0 and corresponding plugin updates. ...
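
A pre-open audit for the symlink class of issue described above, as an added example that is not AWS's code or its fix: it lists every symlink in a workspace whose resolved target lies outside the workspace root. The function names and the sample workspace are hypothetical and constructed for illustration.

```python
import os
import tempfile


def escapes_root(root, path):
    """True if path, with all symlinks resolved, lies outside root."""
    real_root = os.path.realpath(root)
    real_path = os.path.realpath(path)  # non-strict: dangling links still resolve
    try:
        return os.path.commonpath([real_root, real_path]) != real_root
    except ValueError:  # e.g. different drives on Windows
        return True


def find_escaping_symlinks(root):
    """Return sorted (link path relative to root, resolved target) pairs."""
    findings = []
    # followlinks=False: report links but never descend through them.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) and escapes_root(root, full):
                findings.append((os.path.relpath(full, root), os.path.realpath(full)))
    return sorted(findings)


def build_sample_workspace(base):
    """Constructed sample: one in-workspace link, two that leave the workspace."""
    ws = os.path.join(base, "ws")
    os.makedirs(os.path.join(ws, "src"))
    os.makedirs(os.path.join(base, "outside"))
    for path in (os.path.join(ws, "src", "main.py"),
                 os.path.join(base, "outside", "secret.txt")):
        with open(path, "w") as fh:
            fh.write("constructed\n")
    os.symlink("main.py", os.path.join(ws, "src", "inner"))         # stays inside
    os.symlink("../outside/secret.txt", os.path.join(ws, "notes"))  # relative escape
    os.symlink("/nonexistent-constructed/target", os.path.join(ws, "cfg"))  # dangling
    return ws


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        for link, target in find_escaping_symlinks(build_sample_workspace(base)):
            print(f"{link} -> {target}")
```

The comparison is made on fully resolved paths, so a link that only looks local (a relative target with `..` components) is still reported.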