Amazon: >> Kiro Cli >> 1.23.1 Security Vulnerabilities
Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, including shell commands, without user approval by crafting content that is piped to kiro-cli via stdin.
We recommend you to upgrade to kiro-cli version 1.28.0 or later.
CVSS Score
8.4
EPSS Score
0.0
Published
2026-05-22