Description
Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, including shell commands, without user approval by crafting content that is piped to kiro-cli via stdin.

We recommend that you upgrade to kiro-cli version 1.28.0 or later.
Published: 2026-05-22
Score: 8.4 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Missing input source validation in the tool authorization prompt of Kiro CLI enables a local attacker to pipe arbitrary content to the application, resulting in the execution of any tool or shell command without user approval. The weakness is an authorization bypass (CWE-862, missing authorization) that lets the attacker run code with the privileges of the CLI user. This can compromise system integrity, leak confidential data, or serve as a foothold for further attacks.
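The defect class described above is an approval prompt that trusts whatever arrives on its input stream, so content arriving through a pipe counts the same as an answer typed by the user. The following is an added illustration of that class and of the "validate the input source" fix, written for this page; it is not Kiro CLI code, and the tool names, function names and the `/dev/tty` fallback are assumptions about how such a CLI might be structured. The weak pattern and the hardened pattern are shown side by side and exercised on constructed in-memory streams, so it runs without a terminal.

```python
import io
import sys

# Hypothetical tool names used only for this illustration; they are not Kiro CLI's.
TOOLS_NEEDING_APPROVAL = {"execute_bash", "write_file"}


def piped_stream(text):
    """Constructed stand-in for data arriving on a pipe or redirected file."""
    return io.StringIO(text)


class FakeTerminal(io.StringIO):
    """In-memory stream that claims to be a TTY, so the demo runs without a terminal."""

    def isatty(self):
        return True


def read_answer(stream):
    """Read one line from `stream` and map it to a yes/no decision (None = no answer)."""
    line = stream.readline()
    if not line:
        return None
    return line.strip().lower() in ("y", "yes")


def approve_unvalidated(tool_name, answer_stream):
    """Weak pattern: trusts an approval answer from whatever stream is handed in.

    When `answer_stream` is a pipe or a redirected file, the 'y' was never typed
    by the user, so the authorization check is effectively missing (CWE-862).
    """
    if tool_name not in TOOLS_NEEDING_APPROVAL:
        return True
    return read_answer(answer_stream) is True


def approve_from_terminal(tool_name, answer_stream):
    """Hardened pattern: counts an approval only if the stream is an interactive TTY.

    Piped or redirected input (isatty() is False) yields no decision and the
    tool is denied, so the check fails closed instead of silently running it.
    """
    if tool_name not in TOOLS_NEEDING_APPROVAL:
        return True
    if not answer_stream.isatty():
        return False
    return read_answer(answer_stream) is True


def open_prompt_stream():
    """Pick where to ask the user: stdin if interactive, else the controlling terminal.

    Returns None when no terminal is available (e.g. a non-interactive job);
    the caller must then treat every approval-gated tool as denied. Assumed
    design, POSIX only.
    """
    if sys.stdin.isatty():
        return sys.stdin
    try:
        return open("/dev/tty")  # raises OSError when there is no controlling tty
    except OSError:
        return None


def demo():
    """Compare both patterns on constructed inputs; returns {pattern: decision}."""
    return {
        "unvalidated, piped": approve_unvalidated("execute_bash", piped_stream("y\n")),
        "terminal-only, piped": approve_from_terminal("execute_bash", piped_stream("y\n")),
        "terminal-only, typed": approve_from_terminal("execute_bash", FakeTerminal("y\n")),
    }


if __name__ == "__main__":
    for pattern, decision in demo().items():
        print(f"{pattern}: {'RUN' if decision else 'DENY'}")
```

The point of `approve_from_terminal` is that the decision depends on where the answer came from, not only on what it says: a pipe can carry the right bytes but cannot carry consent. `open_prompt_stream` shows the companion design choice for a CLI whose stdin legitimately carries task input, which is to ask on the controlling terminal and to deny when there is none.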

Affected Systems

AWS Kiro CLI versions prior to 1.28.0 are vulnerable. Users running any older release of the CLI may be exposed to this behavior.

Risk and Exploitability

The vulnerability has a CVSS v4.0 score of 8.4 (CVSS v3.1: 7.8), indicating high severity. EPSS data is unavailable. The attack requires local access and the ability to pipe data to the CLI's standard input, so the attack vector is local rather than network-based. It is not listed in the CISA KEV catalog, suggesting no confirmed widespread exploitation yet.

Generated by OpenCVE AI on May 22, 2026 at 18:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Kiro CLI to version 1.28.0 or later.
  • Limit usage of the CLI to trusted system accounts and enforce least-privilege permissions.
  • Implement monitoring or logging to detect unexpected tool execution patterns originating from the CLI.

Advisories

No advisories yet.

History

Fri, 22 May 2026 18:15:00 +0000

Type    | Values Removed | Values Added
Metrics |                | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 22 May 2026 17:15:00 +0000

Type                | Values Removed | Values Added
Description         |                | Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, including shell commands, without user approval by crafting content that is piped to kiro-cli via stdin. We recommend you to upgrade to kiro-cli version 1.28.0 or later.
Title               |                | Tool Execution Without Authorization via Piped Stdin in Kiro CLI
First Time appeared |                | Aws; Aws kiro Cli
Weaknesses          |                | CWE-862
CPEs                |                | cpe:2.3:a:aws:kiro_cli:*:*:*:*:*:*:*:*
Vendors & Products  |                | Aws; Aws kiro Cli
References          |                |
Metrics             |                | cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}; cvssV4_0 {'score': 8.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: AMZN

Published:

Updated: 2026-05-23T03:55:58.873Z

Reserved: 2026-05-21T20:55:28.520Z

Link: CVE-2026-9255

Vulnrichment

Updated: 2026-05-22T17:22:36.899Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-22T18:30:42Z

Weaknesses