CVE-2026-10591

amazon / kiro_ide

Description

Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands via crafted instructions that cause writes to execution-sensitive paths (such as .vscode/tasks.json), enabling auto-execution on folder open. To remediate this issue, users should upgrade to Kiro IDE version 0.11 or later.

Scoring

CVSS: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.42% probability of exploitation · percentile 33.2% · 2026-06-19T12:03:05Z
Last modified: 2026-06-05

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-9255
CVE-2026-5709
CVE-2025-54130
CVE-2025-58372
CVE-2026-49366
CVE-2025-54135

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.