5 matches found

RedhatCVE
added 2 days ago | 5 views

CVE-2026-9255

Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, including shell commands, without user approval by crafting content that is piped to kiro-cli via stdin. We recommend you to upgrade to kiro-cli version...

CVSS 8.4 | AI score 5.8 | EPSS 0.00013
Exploits: 0 | References: 1
Cvelist
added 2026/05/22 4:38 p.m. | 8 views

CVE-2026-9255 Tool Execution Without Authorization via Piped Stdin in Kiro CLI

Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, including shell commands, without user approval by crafting content that is piped to kiro-cli via stdin. We recommend you to upgrade to kiro-cli version...

CVSS 8.4 | EPSS 0.00013
Exploits: 0 | References: 2
EUVD
added 2026/05/22 4:38 p.m. | 6 views

EUVD-2026-31471

Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, including shell commands, without user approval by crafting content that is piped to kiro-cli via stdin. We recommend you to upgrade to kiro-cli version...

CVSS 8.4 | AI score 6.1 | EPSS 0.00013
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/22 12:0 a.m. | 6 views

PT-2026-42816

Name of the Vulnerable Software and Affected Versions: Kiro CLI versions prior to 1.28.0. Description: Missing input source validation in the tool authorization prompt allows a local attacker to execute arbitrary tools, including shell commands, without user approval. This is achieved by crafting...

CVSS 8.4 | AI score 5.8 | EPSS 0.00013
Exploits: 0 | References: 6
CNNVD
added 2026/05/22 12:0 a.m. | 4 views

Amazon Web Services Kiro CLI Security Vulnerability

Amazon Web Services Kiro CLI is a command-line intelligent programming tool provided by Amazon, which supports AI agents, MCP integration, and terminal automation. Versions of the Amazon Web Services Kiro CLI prior to 1.28.0 contained security vulnerabilities. These vulnerabilities stemmed from...

CVSS 8.4 | AI score 6 | EPSS 0.00013
Exploits: 0 | References: 2