PT-2026-25936 · AWS · Kiro IDE
Published: 2026-03-17 · Updated: 2026-03-17 · CVE-2026-4295
CVSS v3.1: 7.8 | Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory.
To remediate this issue, users should upgrade to version 0.8.0 or higher.
Fix
Affected Products
Kiro IDE