{"data":{"id":"8d3e6e58-f50a-4833-9074-1bbc22f0ac08","title":"Arbitrary code execution via crafted project files in Kiro IDE","summary":"Kiro IDE, an AI-powered development environment for building autonomous software agents, has a vulnerability (CVE-2026-4295) that allows arbitrary code execution (running attacker-chosen code on the user's system) when a user opens a malicious project file. The flaw exists in versions before 0.8.0 and stems from improper trust boundary enforcement (project file content is treated as trusted without verifying that it comes from a safe source).","solution":"N/A -- no mitigation discussed in source. Because the summary limits the flaw to versions before 0.8.0, upgrading to 0.8.0 or later is the implied fix (confirm against the vendor bulletin); until then, open only project files from sources you trust.","labels":["security"],"sourceUrl":"https://aws.amazon.com/security/security-bulletins/rss/2026-009-aws/","publishedAt":"2026-03-17T19:20:39.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Kiro IDE"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-03-17T19:20:39.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}