High severity7.8NVD Advisory· Published May 22, 2026· Updated Jun 4, 2026
CVE-2026-9255
CVE-2026-9255
Description
Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, including shell commands, without user approval by crafting content that is piped to kiro-cli via stdin.
We recommend you to upgrade to kiro-cli version 1.28.0 or later.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
2- aws.amazon.com/security/security-bulletins/2026-035-aws/nvdVendor Advisory
- kiro.dev/changelog/cli/1-28/nvdRelease Notes
News mentions
0No linked articles in our index yet.