VYPR

Kiro Ide

by Amazon

CVEs (3)

  • CVE-2026-10591HigJun 2, 2026
    risk 0.57cvss 8.8epss 0.00

    Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands via crafted instructions that cause writes to execution-sensitive paths (such as .vscode/tasks.json),…

  • CVE-2026-5429HigApr 2, 2026
    risk 0.51cvss 7.8epss 0.00

    Unsanitized input during web page generation in the Kiro Agent webview in Kiro IDE before version 0.8.140 allows a remote unauthenticated threat actor to execute arbitrary code via a potentially damaging crafted color theme name when a local user opens the workspace. This issue…

  • CVE-2026-0830HigJan 9, 2026
    risk 0.51cvss 7.8epss 0.01

    Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously crafted workspaces. To mitigate, users should update to the latest version.