Skip to main content

Kiro Cli

1 CVEs product

Monthly

CVE-2026-9255 HIGH PATCH This Week

Authorization bypass in AWS Kiro CLI versions prior to 1.28.0 allows a local attacker to invoke arbitrary tools, including shell commands, without triggering the user approval prompt by piping crafted content through stdin. Reported by Amazon (AMZN) and tagged as an Authentication Bypass, this issue has a vendor-released fix in 1.28.0; publicly available exploit code exists is not indicated, and the SSVC framework currently records no observed exploitation despite a Total technical impact rating.

Authentication Bypass Kiro Cli
NVD
CVSS 4.0
8.4
EPSS
0.0%
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Authorization bypass in AWS Kiro CLI versions prior to 1.28.0 allows a local attacker to invoke arbitrary tools, including shell commands, without triggering the user approval prompt by piping crafted content through stdin. Reported by Amazon (AMZN) and tagged as an Authentication Bypass, this issue has a vendor-released fix in 1.28.0; publicly available exploit code exists is not indicated, and the SSVC framework currently records no observed exploitation despite a Total technical impact rating.

Authentication Bypass Kiro Cli
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy