EUVD-2026-31471
GHSA-cv6r-hx5v-c4m6
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionNVD
Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, including shell commands, without user approval by crafting content that is piped to kiro-cli via stdin.
We recommend you to upgrade to kiro-cli version 1.28.0 or later.
AnalysisAI
Arbitrary tool and shell command execution in AWS Kiro CLI before 1.28.0 occurs because the tool authorization prompt does not validate the source of its input, allowing attacker-controlled content piped via stdin to satisfy approval prompts on behalf of the user. An attacker who can get a victim to pipe untrusted content (file, curl output, clipboard, etc.) into kiro-cli can invoke any built-in tool - including shell - bypassing the human-in-the-loop confirmation step. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Identify all systems and users employing AWS Kiro CLI; notify stakeholders of the vulnerability and specifically warn against piping untrusted content from URLs, files, or clipboard; assess criticality and consider temporary restrictions if not essential. Within 7 days: Restrict CLI access to authorized infrastructure teams only; disable shell command execution capability if operationally feasible; audit recent usage logs for suspicious activity. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today