CVE-2026-4295

Published: Mar 17, 2026 Last Modified: Mar 17, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,5

Source: ff89ba41-3aa1-4d27-914a-91399e9639e5

Attack Vector: local

Attack Complexity: low

Privileges Required: none

User Interaction: passive

Confidentiality: N/A

Integrity: N/A

Availability: N/A

HIGH 7,8

Source: ff89ba41-3aa1-4d27-914a-91399e9639e5

Attack Vector: local

Attack Complexity: low

Privileges Required: none

User Interaction: required

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: high

Description

AI Translation Available

Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory.

To remediate this issue, users should upgrade to version 0.8.0 or higher.

829

Inclusion of Functionality from Untrusted Control Sphere

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Availability

Potential Impacts:

Execute Unauthorized Code Or Commands

Applicable Platforms

All platforms may be affected

View CWE Details

https://aws.amazon.com/security/security-bulletins/2026-009…

https://aws.amazon.com/security/security-bulletins/2026-009-AWS/

https://kiro.dev/changelog/ide/0-8/

CVE-2026-4295

Description

Inclusion of Functionality from Untrusted Control Sphere

Common Consequences

Applicable Platforms

Iscriviti alla newsletter