Kiro IDE Improper Trust Boundary Enforcement Allowing Arbitrary Code Execution
Vulnerability
A vulnerability in Kiro IDE prior to version 0.8.0 on all supported platforms allows remote, unauthenticated threat actors to execute arbitrary code. This issue arises from improper trust boundary enforcement, which enables maliciously crafted project directory files to bypass workspace trust protections. When a local user opens the directory, the crafted files can execute unauthorized code.
Impact
Exploitation of this vulnerability allows for arbitrary code execution on the affected system.
Remediation
Users should upgrade to Kiro IDE version 0.8.0 or higher. The latest version is available on the Kiro website. For those unable to upgrade immediately, it is advised to avoid opening untrusted project directories in Kiro IDE.
