CVE-2026-4295
HIGH SEVERITYCVSS Score & Metrics
Base Score
7.8 / 10
Vector String
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Description
Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory.
To remediate this issue, users should upgrade to version 0.8.0 or higher.
To remediate this issue, users should upgrade to version 0.8.0 or higher.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-829
Source
NVD
Discussion (0)
Add Comment
No comments yet. Be the first!