VYPR
Vendor

Kiro

Products
2
CVEs
2
Across products
2
Status
Private

Products

2

Recent CVEs

2
  • CVE-2026-9255HigMay 22, 2026
    risk 0.51cvss 7.8epss 0.00

    Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, including shell commands, without user approval by crafting content that is piped to kiro-cli via stdin. We recommend you to upgrade…

  • CVE-2026-4295Mar 17, 2026
    risk 0.00cvss epss 0.00

    Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user…