Security Advisory

CVE-2026-9255

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-05-22 16:38:10

Last updated 2026-05-23 03:55:58

Assigner AMZN

State PUBLISHED

Description

Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, including shell commands, without user approval by crafting content that is piped to kiro-cli via stdin. We recommend you to upgrade to kiro-cli version 1.28.0 or later.

← Browse all CVEs View on cve.org ↗