CVE-2026-10591
CVE-2026-10591 affects Amazon Kiro IDE prior to 0.11. The issue is insufficient access control in the file write tool, allowing remote unauthenticated actors to cause writes to execution-sensitive paths (e.g., .vscode/tasks.json), enabling automatic execution on folder open. Impact is high: poten...