CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-0830

Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously crafted workspaces. To mitigate, users should update to the latest version.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 12.1%

CVSS Severity

CVSS v3 Score 7.8

References

Products affected by CVE-2026-0830

Amazon » Kiro Ide » Version: N/A

cpe:2.3:a:amazon:kiro_ide:-
Amazon » Kiro Ide » Version: 0.1

cpe:2.3:a:amazon:kiro_ide:0.1
Amazon » Kiro Ide » Version: 0.2.13

cpe:2.3:a:amazon:kiro_ide:0.2.13
Amazon » Kiro Ide » Version: 0.2.38

cpe:2.3:a:amazon:kiro_ide:0.2.38
Amazon » Kiro Ide » Version: 0.2.59

cpe:2.3:a:amazon:kiro_ide:0.2.59
Amazon » Kiro Ide » Version: 0.2.68

cpe:2.3:a:amazon:kiro_ide:0.2.68
Amazon » Kiro Ide » Version: 0.3

cpe:2.3:a:amazon:kiro_ide:0.3
Amazon » Kiro Ide » Version: 0.3.9

cpe:2.3:a:amazon:kiro_ide:0.3.9
Amazon » Kiro Ide » Version: 0.4

cpe:2.3:a:amazon:kiro_ide:0.4
Amazon » Kiro Ide » Version: 0.5

cpe:2.3:a:amazon:kiro_ide:0.5
Amazon » Kiro Ide » Version: 0.5.9

cpe:2.3:a:amazon:kiro_ide:0.5.9
Amazon » Kiro Ide » Version: 0.6

cpe:2.3:a:amazon:kiro_ide:0.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-0830

Products

Pricing

Contact Us