CVE-2026-8766
Description
A flaw has been found in Kilo-Org kilocode up to 7.0.47. It affects the function Load of the file packages/opencode/src/config/config.ts in the Environment Variable Handler component. Manipulating the argument KILO_CONFIG_CONTENT can lead to information disclosure. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Arbitrary file read in Kilo-Org kilocode ≤7.0.47 via unsafe token substitution in the KILO_CONFIG_CONTENT environment variable, leaking file contents in error tracebacks.
Vulnerability
Description
CVE-2026-8766 is an arbitrary file read vulnerability in the Kilo-Org kilocode CLI, affecting versions up to 7.0.47 [1]. The flaw resides in the load() function within packages/opencode/src/config/config.ts when handling the KILO_CONFIG_CONTENT environment variable. During parsing, the ConfigPaths.parseText method processes {file:path} token substitutions before validating the JSON schema, allowing an attacker-controlled environment variable to force the CLI to read arbitrary local files [1].
Exploitation
Method
An attacker who can control or inject the KILO_CONFIG_CONTENT environment variable can craft a payload containing an unrecognized JSON key that includes a {file:/target} token [1]. The token substitution reads the target file and inserts its content into the key's value. When the configuration is validated against the Zod schema, the unrecognized key causes a validation error that dumps the fully expanded key text—including the file content—to stderr in the crash log [1]. The attack can be launched remotely by providing a crafted environment variable to the CLI, requiring no authentication if the attacker already has control over the process environment.
Impact
Successful exploitation leads to information disclosure, as an attacker can read arbitrary files on the system where the kilocode CLI is executed [1]. The leaked content is exposed in the application's error output, potentially revealing sensitive data such as configuration files, credentials, or other proprietary information.
Mitigation
The vendor was contacted but did not respond, and no official patch or workaround is documented at the time of publication [1]. This vulnerability represents an incomplete remediation of a previously patched issue in the legacy OPENCODE_CONFIG_CONTENT variable, where the patch logic was not carried over during the namespace migration to KILO_ [1]. Users should restrict control over environment variables passed to the CLI until a patch is available.
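As an added illustration of the ordering problem described above (example code, not kilocode's own): a loader that expands {file:path} tokens before checking the key set and then echoes the offending value in its validation error leaks the expanded content, while a loader that validates key names first and reports only the names does not. The in-memory file map, the KNOWN_KEYS allowlist and all function names are constructed for this demo; the file-token feature itself is kept as-is, since the point is the validation order and the error output.

```typescript
// Constructed in-memory "file system" so the demo runs offline.
const FAKE_FS: Record<string, string> = {
  "/etc/hostname": "build-box-01",                  // constructed
  "/home/user/.secret": "token=EXAMPLE_NOT_REAL",   // constructed
};

// Hypothetical schema: the only top-level keys a config may contain.
const KNOWN_KEYS = new Set(["model", "theme"]);

const FILE_TOKEN = /\{file:([^}]+)\}/g;

// Expands every {file:path} token by "reading" the path from FAKE_FS.
function substituteTokens(text: string): string {
  return text.replace(FILE_TOKEN, (_m, p: string) => {
    if (!(p in FAKE_FS)) throw new Error(`no such file: ${p}`);
    return FAKE_FS[p];
  });
}

// Vulnerable ordering: tokens are expanded on the raw text first, the key
// set is checked afterwards, and the error echoes key AND value, so the
// expanded file content ends up in the error message.
function loadVulnerable(raw: string): Record<string, string> {
  const cfg = JSON.parse(substituteTokens(raw)) as Record<string, string>;
  for (const [k, v] of Object.entries(cfg)) {
    if (!KNOWN_KEYS.has(k)) {
      throw new Error(`unrecognized key ${k}=${JSON.stringify(v)}`);
    }
  }
  return cfg;
}

// Hardened ordering: the key set is checked on the unexpanded JSON, the
// error names only the offending keys, and tokens are expanded only inside
// values of keys that passed validation.
function loadHardened(raw: string): Record<string, string> {
  const cfg = JSON.parse(raw) as Record<string, string>;
  const unknown = Object.keys(cfg).filter((k) => !KNOWN_KEYS.has(k));
  if (unknown.length > 0) {
    throw new Error(`unrecognized key(s): ${unknown.join(", ")}`);
  }
  for (const k of Object.keys(cfg)) cfg[k] = substituteTokens(cfg[k]);
  return cfg;
}

// Returns the error message a loader produces for an input ("" on success),
// which is what would reach stderr in a crash log.
function errorMessageOf(loader: (s: string) => unknown, raw: string): string {
  try { loader(raw); return ""; } catch (e) { return (e as Error).message; }
}
```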
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0 (no patches discovered yet)
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (4)
- gist.github.com/YLChen-007/32b444e49ced1a46bde5a68933ccd09f (NVD tags: Exploit, Third Party Advisory)
- vuldb.com/submit/811400 (NVD tags: Exploit, Third Party Advisory, VDB Entry)
- vuldb.com/vuln/364391 (NVD tags: Third Party Advisory, VDB Entry)
- vuldb.com/vuln/364391/cti (NVD tags: Permissions Required, VDB Entry)
News mentions: 0 (no linked articles in our index yet)