CVE-2026-0830

CVSS v3.1

7.8

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Kiro IDE versions prior to 0.6.18

Description Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper. This occurs when opening maliciously crafted workspaces. The issue involves the processing of workspace folder names, potentially leading to the execution of unintended commands.

Recommendations Update Kiro IDE to version 0.6.18 or later.

Fix

RCE

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2026-0830

Affected Products

Kiro Ide

CVE-2026-0830

Weakness Enumeration

Related Identifiers

Affected Products

References · 9