{"data":{"id":"e6823a49-bfcd-4cdd-b657-4a69456d2111","title":"CVE-2026-10591 - Kiro IDE Insufficient File Write Restrictions to Execution-Sensitive Paths","summary":"Kiro IDE (an AI agent that runs on your desktop) has a vulnerability where attackers can trick it into writing files to sensitive locations (like .vscode/tasks.json, which automatically runs code when you open a folder), allowing them to execute arbitrary commands (run code they choose). This affects all versions before 0.11.","solution":"Update Kiro IDE to version 0.11 or later.","labels":["security"],"sourceUrl":"https://aws.amazon.com/security/security-bulletins/rss/2026-037-aws/","publishedAt":"2026-06-02T15:39:24.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Kiro IDE"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-06-02T15:39:24.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}