CVE-2026-4295

Name of the Vulnerable Software and Affected Versions Kiro IDE versions prior to 0.8.0

Description A flaw exists in Kiro IDE that involves improper enforcement of trust boundaries. This could allow a remote, unauthenticated attacker to execute arbitrary code by using specially crafted project directory files. The issue bypasses workspace trust protections when a local user opens a directory.

Recommendations Upgrade to version 0.8.0 or higher.