{"data":{"id":"7961089d-276a-48d9-a6f2-642a4b7faec7","title":"CVE-2026-5429 - Kiro IDE Webview Cross-Site Scripting via Workspace Color Theme","summary":"Kiro IDE (a development environment that uses AI agents to help developers) has a cross-site scripting vulnerability (XSS, where an attacker injects malicious code that runs in a web page, here the IDE's webview) in versions before 0.8.140. An attacker can exploit this by creating a malicious workspace with a crafted color theme name; if a user opens and trusts that workspace, the attacker's code will execute on their computer.","solution":"Update Kiro IDE to version 0.8.140 or later.","labels":["security"],"sourceUrl":"https://aws.amazon.com/security/security-bulletins/rss/2026-012-aws/","publishedAt":"2026-04-14T16:52:04.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Amazon"],"affectedVendorsRaw":["AWS","Kiro IDE"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-04-14T16:52:04.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}