CVE-2026-9255 – Tool Execution Without Authorization via Piped Stdin in Kiro CLI

admin
May 22, 2026
Wire

CVE ID :CVE-2026-9255

Published : May 22, 2026, 4:38 p.m. | 2 hours, 42 minutes ago

Description :Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, including shell commands, without user approval by crafting content that is piped to kiro-cli via stdin.

We recommend you to upgrade to kiro-cli version 1.28.0 or later.

Severity: 8.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… To Read More Visit Read More

Related Posts

CVE-2026-9051 – Authentication Bypass Vulnerability in NI SystemLink Enterprise

CVE-2026-49367 – JetBrains IntelliJ IDEA Command Execution Vulnerability

CVE-2026-47744 – Shopper: Authorization bypass and RBAC privilege escalation in team settings