{"data":{"id":"0b386f47-db3e-4f1e-8d5d-ff85e66181f8","title":"CVE-2026-0830 - Command Injection in Kiro GitLab Merge Request Helper","summary":"A vulnerability (CVE-2026-0830) in Kiro IDE, a desktop application that helps developers with code tasks, allows attackers to run arbitrary commands (command injection, where an attacker executes unauthorized code) on a user's computer by tricking them into opening a workspace with specially crafted folder names. This bug affects Kiro versions before 0.6.18.","solution":"Update to Kiro version 0.6.18 or later.","labels":["security"],"sourceUrl":"https://aws.amazon.com/security/security-bulletins/rss/2026-001-aws/","publishedAt":"2026-06-05T19:19:25.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Kiro"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-06-05T19:19:25.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}