Amazon Kiro IDE Insufficient File Write Restrictions to Execution-Sensitive Paths

Vulnerability

A vulnerability exists in Amazon Kiro IDE versions prior to 0.11: insufficient access control in the file write tool may allow remote unauthenticated actors to execute arbitrary commands. The actor crafts instructions that cause the tool to write to execution-sensitive paths, such as .vscode/tasks.json, whose contents can be auto-executed when the folder is opened.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of commands, potentially allowing for malicious actions to be performed automatically when a folder is opened in the IDE.

Remediation

Users should upgrade to Kiro IDE version 0.11 or later.
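As an added illustration of the missing control, not code from Kiro or from this advisory: a deny rule a file-write tool can apply before touching a workspace, refusing writes that escape the workspace root or land on paths an IDE may auto-execute. `.vscode/tasks.json` is the path the advisory names; the other listed paths and all function names are assumptions.

```python
import os
from typing import Optional

# Paths, relative to the workspace root, whose contents an IDE may execute
# automatically when the folder is opened. ".vscode/tasks.json" is the path
# the advisory names; the others are constructed examples of the same class.
SENSITIVE_FILES = {".vscode/tasks.json", ".vscode/launch.json"}
SENSITIVE_DIRS = {".git/hooks"}  # any file under these directories


def normalize_relative(workspace_root: str, target: str) -> Optional[str]:
    """Resolve `target` against the workspace root and return it as a
    forward-slash path relative to the root, or None if it escapes the root
    (absolute path, `..` traversal, or a different drive on Windows)."""
    root = os.path.abspath(workspace_root)
    full = os.path.abspath(os.path.join(root, target))
    try:
        rel = os.path.relpath(full, root)
    except ValueError:  # different drive letter on Windows
        return None
    if rel == os.pardir or rel.startswith(os.pardir + os.sep):
        return None
    return rel.replace(os.sep, "/")


def is_execution_sensitive(workspace_root: str, target: str) -> bool:
    """True if a write to `target` must be refused: it leaves the workspace or
    lands on a path whose contents the IDE may auto-execute."""
    rel = normalize_relative(workspace_root, target)
    if rel is None:
        return True
    # Compare case-insensitively: conservative on case-sensitive filesystems,
    # and required on Windows/macOS where .VSCODE and .vscode are one folder.
    rel_cf = rel.casefold()
    if rel_cf in {p.casefold() for p in SENSITIVE_FILES}:
        return True
    return any(rel_cf == d.casefold() or rel_cf.startswith(d.casefold() + "/")
               for d in SENSITIVE_DIRS)


def guarded_write(workspace_root: str, target: str, content: str) -> None:
    """Write-tool entry point: refuse execution-sensitive targets up front."""
    if is_execution_sensitive(workspace_root, target):
        raise PermissionError(f"refusing to write execution-sensitive path: {target!r}")
    full = os.path.join(os.path.abspath(workspace_root), target)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "w", encoding="utf-8") as fh:
        fh.write(content)
```

A denylist like this is only a backstop; an allowlist of writable directories, plus a user confirmation step for anything outside it, is the stronger default for an agentic write tool.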

Added: Jun 2, 2026, 4:55 PM
Updated: Jun 2, 2026, 4:55 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 6.4
remediation: 0.0
relevance: 9.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.