CVE-2026-11931

Published: Jun 15, 2026 Last Modified: Jun 15, 2026
MEDIUM 6.8
Source: ff89ba41-3aa1-4d27-914a-91399e9639e5
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
MEDIUM 5.5
Source: ff89ba41-3aa1-4d27-914a-91399e9639e5
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none

Description

Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions (0644) instead of owner-restricted permissions (0600).

To remediate this issue, users should upgrade to Kiro IDE version 0.11.133 or later. After upgrading and restarting the application, the cache file permissions are automatically updated on the next token refresh. Users operating in a multi-user environment can invalidate existing tokens by reauthenticating.
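
A check a defender could run against the token cache file described above, as an added example that is not code from Kiro or AWS. The advisory does not give the cache file's path, so it must be passed on the command line; the file name in the demo is hypothetical, and the "shielded" verdict (loose mode, but a parent directory blocks other users) relies on plain mode bits only.

```python
import os
import stat
import sys
import tempfile

def exposed_bits(path):
    """Group/other permission bits set on path; 0 means owner-only (e.g. 0600)."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077

def reachable_by_others(path):
    """True if every parent directory grants search (x) to 'other'.
    Simplification: group membership and ACLs are not evaluated."""
    parent = os.path.dirname(os.path.abspath(path))
    while True:
        if not os.stat(parent).st_mode & stat.S_IXOTH:
            return False
        up = os.path.dirname(parent)
        if up == parent:  # reached the filesystem root
            return True
        parent = up

def audit(path, fix=False):
    """Return 'ok', 'exposed', or 'shielded' (loose mode behind a private directory).
    With fix=True, a loose file is tightened to 0600 after being classified."""
    if exposed_bits(path) == 0:
        return "ok"
    verdict = "exposed" if reachable_by_others(path) else "shielded"
    if fix:
        os.chmod(path, 0o600)
    return verdict

def demo():
    """Constructed sample: a stand-in cache file created 0644, audited, then fixed."""
    with tempfile.TemporaryDirectory() as d:
        cache = os.path.join(d, "token-cache.json")  # hypothetical file name
        with open(cache, "w") as f:
            f.write('{"token": "constructed-sample"}')
        os.chmod(cache, 0o644)  # the world-readable mode from the advisory
        before = exposed_bits(cache)
        audit(cache, fix=True)
        return before, audit(cache)

if __name__ == "__main__":
    if len(sys.argv) > 1:  # usage: script.py <cache-file-path> [--fix]
        print(sys.argv[1], audit(sys.argv[1], fix="--fix" in sys.argv))
    else:
        print(demo())
```

Run against the real cache file after upgrading and refreshing the token, it should report `ok`, matching the automatic permission update the advisory describes.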

CWE-276: Incorrect Default Permissions

Draft
Common Consequences
Security Scopes Affected: Confidentiality, Integrity
Potential Impacts: Read Application Data, Modify Application Data
Applicable Platforms
Technologies: Not Technology-Specific, ICS/OT
https://aws.amazon.com/security/security-bulletins/2026-045-aws/
https://kiro.dev/changelog/ide/0-11/#patch-0-11-133