32 matches found
EUVD-2026-36791
Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions 0644 instead of owner-restricted permissions 0600. To remediate this issue, users should upgrade t...
CVE-2026-11931
Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions 0644 instead of owner-restricted permissions 0600. To remediate this issue, users should upgrade t...
CVE-2026-11931 Insecure Permissions on Authentication Token Cache File in Kiro IDE
Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions 0644 instead of owner-restricted permissions 0600. To remediate this issue, users should upgrade t...
CVE-2026-11931 Insecure Permissions on Authentication Token Cache File in Kiro IDE
Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions 0644 instead of owner-restricted permissions 0600. To remediate this issue, users should upgrade t...
CVE-2026-11931
CVE-2026-11931 affects Kiro IDE on macOS and Linux prior to version 0.11.133, where the authentication token cache file could be world-readable (0644) instead of owner-restricted (0600). This may allow other local users/processes to access cached tokens. Remediation: upgrade to Kiro IDE 0.11.133 ...
PT-2026-49284
Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions 0644 instead of owner-restricted permissions 0600. To remediate this issue, users should upgrade t...
CVE-2026-10591
Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands via crafted instructions that cause writes to execution-sensitive paths such as .vscode/tasks.json, enabling auto-executio...
CVE-2026-10591
CVE-2026-10591 affects Amazon Kiro IDE prior to 0.11. The issue is insufficient access control in the file write tool, allowing remote unauthenticated actors to cause writes to execution-sensitive paths (e.g., .vscode/tasks.json), enabling automatic execution on folder open. Impact is high: poten...
CVE-2026-10591
Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands via crafted instructions that cause writes to execution-sensitive paths such as .vscode/tasks.json, enabling auto-executio...
CVE-2026-10591 Kiro IDE Insufficient File Write Restrictions to Execution-Sensitive Paths
Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands via crafted instructions that cause writes to execution-sensitive paths such as .vscode/tasks.json, enabling auto-executio...
CVE-2026-10591 Kiro IDE Insufficient File Write Restrictions to Execution-Sensitive Paths
Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands via crafted instructions that cause writes to execution-sensitive paths such as .vscode/tasks.json, enabling auto-executio...
EUVD-2026-33964
Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands via crafted instructions that cause writes to execution-sensitive paths such as .vscode/tasks.json, enabling auto-executio...
Amazon Kiro IDE 安全漏洞
Amazon Kiro IDE is an integrated development environment developed based on AI specifications by Amazon, Inc. Versions of Amazon Kiro IDE prior to 0.11 contained a security vulnerability. This vulnerability stemmed from insufficient access control restrictions in the file writing tool, allowing...
PT-2026-45768
Name of the Vulnerable Software and Affected Versions Amazon Kiro IDE versions prior to 0.11 Description Insufficient access control restrictions in the file write tool allow remote unauthenticated actors to execute arbitrary commands. This is achieved by using crafted instructions to write to...
CVE-2026-5429
The CVE concerns Kiro IDE’s Kiro Agent webview (pre-0.8.140). An unsanitized input path during web page generation permits a remote, unauthenticated attacker to execute arbitrary code by crafting a harmful color theme name when a local user opens a workspace. The issue relies on the user trusting...
CVE-2026-5429 Kiro IDE Webview Cross-Site Scripting via Workspace Color Theme
Unsanitized input during web page generation in the Kiro Agent webview in Kiro IDE before version 0.8.140 allows a remote unauthenticated threat actor to execute arbitrary code via a potentially damaging crafted color theme name when a local user opens the workspace. This issue requires the user ...
CVE-2026-5429 Kiro IDE Webview Cross-Site Scripting via Workspace Color Theme
Unsanitized input during web page generation in the Kiro Agent webview in Kiro IDE before version 0.8.140 allows a remote unauthenticated threat actor to execute arbitrary code via a potentially damaging crafted color theme name when a local user opens the workspace. This issue requires the user ...
PT-2026-29886
Name of the Vulnerable Software and Affected Versions Kiro IDE versions prior to 0.8.140 Description An issue exists in the Kiro Agent webview within Kiro IDE, prior to version 0.8.140, where unsanitized input during web page generation can allow a remote, unauthenticated attacker to execute...
Kiro IDE 安全漏洞
Kiro IDE is an integrated development environment developed by Kiro as open source. Versions of Kiro IDE prior to 0.8.140 contained security vulnerabilities. These vulnerabilities stemmed from uncleaned inputs during the webview generation in the Kiro Agent, which could allow remote, unverified...
CVE-2026-4295
Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory...