CVE-2026-0830 - Command Injection in Kiro GitLab Merge Request Helper
Summary
A command injection vulnerability (CVE-2026-0830) in Kiro IDE, a desktop application that helps developers with code tasks, allows an attacker to run arbitrary commands on a user's computer by tricking the user into opening a workspace that contains specially crafted folder names. The bug affects Kiro versions before 0.6.18.
Solution / Mitigation
Update to Kiro version 0.6.18 or later.
Original source: https://aws.amazon.com/security/security-bulletins/rss/2026-001-aws/
First tracked: June 5, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 85%