Vulnerability Details CVE-2026-9255

Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, including shell commands, without user approval by crafting content that is piped to kiro-cli via stdin. We recommend upgrading to kiro-cli version 1.28.0 or later.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 2.1%
CVSS Severity
CVSS v3 Score 7.8
Products affected by CVE-2026-9255
  • Amazon » Kiro Cli » Version: N/A
    cpe:2.3:a:amazon:kiro_cli:-
  • Amazon » Kiro Cli » Version: 1.20.0
    cpe:2.3:a:amazon:kiro_cli:1.20.0
  • Amazon » Kiro Cli » Version: 1.20.1
    cpe:2.3:a:amazon:kiro_cli:1.20.1
  • Amazon » Kiro Cli » Version: 1.20.2
    cpe:2.3:a:amazon:kiro_cli:1.20.2
  • Amazon » Kiro Cli » Version: 1.21.0
    cpe:2.3:a:amazon:kiro_cli:1.21.0
  • Amazon » Kiro Cli » Version: 1.22.0
    cpe:2.3:a:amazon:kiro_cli:1.22.0
  • Amazon » Kiro Cli » Version: 1.23.0
    cpe:2.3:a:amazon:kiro_cli:1.23.0
  • Amazon » Kiro Cli » Version: 1.23.1
    cpe:2.3:a:amazon:kiro_cli:1.23.1
  • Amazon » Kiro Cli » Version: 1.24.0
    cpe:2.3:a:amazon:kiro_cli:1.24.0
  • Amazon » Kiro Cli » Version: 1.25.0
    cpe:2.3:a:amazon:kiro_cli:1.25.0
  • Amazon » Kiro Cli » Version: 1.25.1
    cpe:2.3:a:amazon:kiro_cli:1.25.1
  • Amazon » Kiro Cli » Version: 1.26.0
    cpe:2.3:a:amazon:kiro_cli:1.26.0
  • Amazon » Kiro Cli » Version: 1.27
    cpe:2.3:a:amazon:kiro_cli:1.27

