CVE-2026-10591 - Kiro IDE Insufficient File Write Restrictions to Execution-Sensitive Paths
Summary
Kiro IDE (an AI agent that runs on your desktop) has a vulnerability in which an attacker can trick it into writing files to execution-sensitive locations (such as .vscode/tasks.json, which automatically runs code when you open a folder), allowing the attacker to execute arbitrary commands (run code of their choosing). All versions before 0.11 are affected.
Solution / Mitigation
Update Kiro IDE to version 0.11 or later.
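The class of check this CVE title refers to, as an added example (not Kiro's or AWS's code): a guard that an agent's file-write tool could call before writing. The function name and the deny-list are assumptions; only .vscode/tasks.json is named on this page.

```python
import os

# Assumed deny-list, as path-component prefixes relative to the workspace root.
# .vscode holds tasks.json (named in the advisory); .git is an added assumption:
# its hooks, and config keys such as core.hooksPath, lead to command execution.
SENSITIVE_PREFIXES = (
    (".vscode",),
    (".git",),
)


def classify_write(workspace, requested):
    """Return ('allow' | 'deny', reason) for an agent-requested file write."""
    root = os.path.realpath(workspace)
    # Join first, then resolve, so '..' segments and symlinks are collapsed
    # before any comparison. An absolute `requested` replaces root in the join
    # and is caught by the containment check below.
    target = os.path.realpath(os.path.join(root, requested))
    try:
        inside = os.path.commonpath([root, target]) == root
    except ValueError:  # e.g. different drives on Windows
        inside = False
    if not inside:
        return ("deny", "outside workspace")

    # Compare case-insensitively: on case-insensitive filesystems
    # '.VSCode/Tasks.json' and '.vscode/tasks.json' are the same file.
    rel = os.path.relpath(target, root)
    parts = tuple(p.casefold() for p in rel.split(os.sep))
    for prefix in SENSITIVE_PREFIXES:
        if parts[:len(prefix)] == prefix:
            return ("deny", "execution-sensitive path: " + "/".join(prefix))
    return ("allow", "ordinary workspace file")


if __name__ == "__main__":
    # Constructed sample requests, checked against the current directory.
    for req in ("src/main.py", "src/../.VSCode/tasks.json", "../notes.txt"):
        print(req, "->", classify_write(".", req))
```

A deny result here is better surfaced as a prompt for explicit user approval than silently dropped, so legitimate edits to these files remain possible.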
Related Issues
CVE-2026-30308: In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe comman
CVE-2026-40087: LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-str
Original source: https://aws.amazon.com/security/security-bulletins/rss/2026-037-aws/
First tracked: June 2, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 85%