VYPR
Vendor

Kilo

Products
2
CVEs
3
Across products
4
Status
Private

Products

2

Recent CVEs

3
  • CVE-2025-11445MedOct 8, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was detected in Kilo Code up to 4.86.0. Affected is the function ClineProvider of the file src/core/webview/ClineProvider.ts of the component Prompt Handler. Performing manipulation results in injection. The attack can be initiated remotely. The exploit is now…

  • CVE-2026-8766MedMay 17, 2026
    risk 0.28cvss 4.3epss 0.00

    A flaw has been found in Kilo-Org kilocode up to 7.0.47. This issue affects the function Load of the file packages/opencode/src/config/config.ts of the component Environment Variable Handler. Executing a manipulation of the argument KILO_CONFIG_CONTENT can lead to information…

  • CVE-2026-8765MedMay 17, 2026
    risk 0.28cvss 4.3epss 0.01

    A vulnerability was detected in Kilo-Org kilocode up to 7.0.47. This vulnerability affects the function Bun.file of the file packages/opencode/src/kilocode/review/worktree-diff.ts of the component File Diff API Endpoint. Performing a manipulation of the argument File results in…