Arbitrary code execution via crafted project files in Kiro IDE
Summary
Kiro IDE, an AI-powered development environment for building autonomous software agents, has a vulnerability (CVE-2026-4295) that allows arbitrary code execution (running unintended commands on a system) when users open malicious project files. The flaw affects versions before 0.8.0 and is caused by improper trust boundary enforcement (failing to verify that data comes from a safe source).
Original source: https://aws.amazon.com/security/security-bulletins/rss/2026-009-aws/
First tracked: March 17, 2026 at 04:00 PM
Classified by LLM (prompt v3) · confidence: 85%