
Kiro IDE CVE-2026-5429 | EUVD-2026-18519 | HIGH
Cross-site Scripting (XSS) (CWE-79)
Published 2026-04-02 · AMZN · GHSA-7v7j-vpv5-h468
CVSS 4.0 (NVD): 7.1

Severity by source

NVD (primary): 7.1 HIGH
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD; NVD is the only source for this CVE.

CVSS Vector (NVD)

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: A (Active)
Scope: X

Lifecycle Timeline (6 events)

Apr 16, 2026 06:08 - Analysis updated (EUVD-patch-fix, executive_summary)
Apr 16, 2026 05:29 - Re-analysis queued (backfill_euvd_patch, patch_released)
Apr 16, 2026 05:29 - Patch available (EUVD): 0.8.140
Apr 02, 2026 19:01 - EUVD ID assigned (euvd): EUVD-2026-18519
Apr 02, 2026 19:01 - Analysis generated (vuln.today)
Apr 02, 2026 18:37 - CVE published (nvd): HIGH 7.1

Description (CVE.org)

Unsanitized input during web page generation in the Kiro Agent webview in Kiro IDE before version 0.8.140 allows a remote unauthenticated threat actor to execute arbitrary code via a potentially damaging crafted color theme name when a local user opens the workspace. This issue requires the user to trust the workspace when prompted.

To remediate this issue, users should upgrade to version 0.8.140.

Analysis (AI-generated)

Arbitrary code execution in AWS Kiro IDE versions prior to 0.8.140 occurs when a local user opens a maliciously crafted workspace containing an unsanitized color theme name, exploiting improper neutralization of input during webview generation. The attack requires user interaction (trusting the workspace when prompted) and can deliver full system compromise with high confidentiality, integrity, and availability impact. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

Access: Craft malicious color theme name
Delivery: Distribute workspace with payload
Exploit: User opens workspace and trusts prompt
Execution: Unsanitized input injected into webview
Impact: Arbitrary code execution in Kiro Agent

Vulnerability Assessment (AI-generated)

Exploitation: Kiro IDE versions before 0.8.140. …

Risk Assessment: Real-world risk assessment reveals a moderate overall threat despite the 7.1 CVSS score and high impact ratings. …

Exploit Scenario: An attacker creates a malicious Kiro IDE workspace configuration with a specially crafted color theme name containing a JavaScript payload, then distributes this workspace via a public GitHub repository advertising useful development tools or project templates. When a developer clones the repository and opens it in a vulnerable Kiro IDE version, the IDE prompts for workspace trust, a common occurrence that developers often accept reflexively. …

Remediation: Upgrade immediately to AWS Kiro IDE version 0.8.140 or later, which contains input sanitization fixes for webview rendering of workspace configuration parameters. …
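The following is an added example, not Kiro's code and not from the advisory: it shows the vulnerability class the description names (a workspace-controlled string, here a theme name, concatenated into webview HTML) next to the hardened form a webview author would ship. The workspace file layout ({theme: {name}}), the renderer functions, the allowlist pattern and the CSP string are all assumptions made for illustration; the sample workspace objects are constructed. The audit function at the end is the defender-side check: it flags a workspace whose theme name would fail the allowlist before the workspace is opened.

```javascript
// Added example, not Kiro's code: treating an untrusted workspace value
// (a colour theme name) before it is embedded in webview HTML.
// Workspace layout, function names, allowlist and CSP are assumptions.

// Constructed workspace settings: one benign, one carrying inline markup.
const BENIGN_WORKSPACE = { theme: { name: 'Solarized Dark' } };
const HOSTILE_WORKSPACE = { theme: { name: 'Dark<script>alert(1)</script>' } };

// Minimal HTML escaping, sufficient for text nodes and quoted attributes.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Allowlist for a theme identifier: letters, digits, space, dot, dash,
// underscore, at most 64 characters (an assumed policy, not Kiro's).
const THEME_NAME_RE = /^[A-Za-z0-9 ._-]{1,64}$/;

function isSafeThemeName(name) {
  return typeof name === 'string' && THEME_NAME_RE.test(name);
}

// Vulnerable pattern (CWE-79): the setting is concatenated straight into the
// document, so any markup it contains becomes part of the webview page.
function renderThemeBannerUnsafe(workspace) {
  const name = workspace.theme.name;
  return `<div class="theme-banner">Theme: ${name}</div>`;
}

// Hardened pattern: validate against the allowlist, fall back to a default
// when validation fails, and escape the value at the point it enters HTML.
function renderThemeBannerSafe(workspace, fallback = 'Default') {
  const raw = workspace.theme && workspace.theme.name;
  const name = isSafeThemeName(raw) ? raw : fallback;
  return `<div class="theme-banner">Theme: ${escapeHtml(name)}</div>`;
}

// Defence in depth for the webview document: no inline scripts or styles,
// only resources carrying the per-load nonce, so an escaping bug alone does
// not yield script execution.
function webviewCsp(nonce) {
  return `default-src 'none'; style-src 'nonce-${nonce}'; script-src 'nonce-${nonce}'`;
}

// Defender-side check: report a workspace whose theme name fails the
// allowlist, as a pre-open audit or repository hook might.
function auditWorkspaceTheme(workspace) {
  const name = workspace.theme && workspace.theme.name;
  if (isSafeThemeName(name)) return { ok: true, findings: [] };
  return { ok: false, findings: [`theme.name rejected: ${JSON.stringify(name)}`] };
}

// Usage: compare both renderers and the audit on the hostile workspace.
if (typeof require !== 'undefined' && require.main === module) {
  console.log(renderThemeBannerUnsafe(HOSTILE_WORKSPACE));
  console.log(renderThemeBannerSafe(HOSTILE_WORKSPACE));
  console.log(auditWorkspaceTheme(HOSTILE_WORKSPACE));
}
```

The unsafe renderer emits the script element verbatim; the safe one rejects the name, renders the fallback, and would escape it even if the allowlist were loosened. Escaping at the output point and a nonce-based CSP are independent controls, which is why both appear here rather than one or the other.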

Recommended Action (AI-generated)

Within 24 hours: Inventory all Kiro IDE installations and identify systems running versions prior to 0.8.140. …


Source: CVE-2026-5429 vulnerability details – vuln.today
