CVE-2026-9255
EUVD-2026-3147122.05.2026, 17:16
Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, including shell commands, without user approval by crafting content that is piped to kiro-cli via stdin. We recommend you to upgrade to kiro-cli version 1.28.0 or later.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| amazon | kiro_cli | 𝑥 < 1.28.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration