Kiro Cli
Monthly
Arbitrary tool and shell command execution in AWS Kiro CLI before 1.28.0 occurs because the tool authorization prompt does not validate the source of its input, allowing attacker-controlled content piped via stdin to satisfy approval prompts on behalf of the user. An attacker who can get a victim to pipe untrusted content (file, curl output, clipboard, etc.) into kiro-cli can invoke any built-in tool - including shell - bypassing the human-in-the-loop confirmation step. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Arbitrary tool and shell command execution in AWS Kiro CLI before 1.28.0 occurs because the tool authorization prompt does not validate the source of its input, allowing attacker-controlled content piped via stdin to satisfy approval prompts on behalf of the user. An attacker who can get a victim to pipe untrusted content (file, curl output, clipboard, etc.) into kiro-cli can invoke any built-in tool - including shell - bypassing the human-in-the-loop confirmation step. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.