CVE-2026-11931 - Insecure Permissions on Authentication Token Cache File in Kiro IDE
Summary
Kiro IDE, an AI-powered development tool, had a security flaw in versions before 0.11.133 where authentication token cache files (files storing login credentials) were saved with world-readable permissions on macOS and Linux, meaning any user or process on the same computer could read them instead of just the owner.
Solution / Mitigation
Update Kiro IDE to version 0.11.133 or later.
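To make the permission issue concrete, the following added example (not Kiro's code and not from the bulletin) writes a constructed token file two ways and audits each for access bits beyond the owner. The function names and file names are hypothetical; the page does not give the real cache path or how the IDE creates the file.

```python
import os
import stat
import tempfile

NON_OWNER_BITS = stat.S_IRWXG | stat.S_IRWXO  # any group/other access


def write_cache_default(path, data):
    """Weak pattern: plain open() creates the file as 0666 masked by umask."""
    with open(path, "w") as fh:
        fh.write(data)


def write_cache_owner_only(path, data):
    """Hardened pattern: create as 0600 and refuse to follow a symlink."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    try:
        os.fchmod(fd, 0o600)  # also tightens a file that already existed
        os.write(fd, data.encode())
    finally:
        os.close(fd)


def audit(path):
    """Return findings for a credential file; an empty list means owner-only."""
    st = os.lstat(path)
    findings = []
    if not stat.S_ISREG(st.st_mode):
        findings.append("not a regular file")
    if st.st_uid != os.geteuid():
        findings.append("owned by another user")
    extra = stat.S_IMODE(st.st_mode) & NON_OWNER_BITS
    if extra:
        findings.append("non-owner access bits set: %04o" % extra)
    return findings


def demo():
    """Write a constructed token both ways under umask 022 and audit each."""
    old = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as d:
            weak, hard = os.path.join(d, "weak.json"), os.path.join(d, "hard.json")
            write_cache_default(weak, '{"token": "CONSTRUCTED"}')
            write_cache_owner_only(hard, '{"token": "CONSTRUCTED"}')
            return audit(weak), audit(hard)
    finally:
        os.umask(old)
```

The same `audit` function can be pointed at any credential file under a home directory to confirm that it is owner-only.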
Original source: https://aws.amazon.com/security/security-bulletins/rss/2026-045-aws/
First tracked: June 15, 2026 at 08:00 PM