PT-2026-29886 · Kiro Ide · Kiro Ide
Published: 2026-04-02 · Updated: 2026-04-03
CVE-2026-5429
CVSS v3.1: 7.8 (High)
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Kiro IDE versions prior to 0.8.140
Description
Kiro IDE versions prior to 0.8.140 do not sanitize input used when the Kiro Agent webview generates its web page, which can allow a remote, unauthenticated attacker to execute arbitrary code. Exploitation requires a local user to trust the workspace when prompted. The attack vector is a crafted color theme name.
Recommendations
Upgrade to version 0.8.140.
Fix
XSS
Affected Products
Kiro Ide