High severity7.8NVD Advisory· Published Jan 9, 2026· Updated Apr 28, 2026
CVE-2026-0830
CVE-2026-0830
Description
Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously crafted workspaces.
To mitigate, users should update to the latest version.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- aws.amazon.com/security/security-bulletins/2026-001-AWS/nvdVendor Advisory
- kiro.dev/changelog/spec-correctness-and-cli/nvdRelease Notes
News mentions
0No linked articles in our index yet.