PatchSiren cyber security CVE debrief
CVE-2026-11931 AWS CVE debrief
CVE-2026-11931 is a medium-severity vulnerability affecting Kiro IDE on macOS and Linux before version 0.11.133. The vulnerability is caused by incorrect default permissions, which expose the authentication token cache file to other local users or processes. The cache file has world-readable permissions (0644) instead of owner-restricted permissions (0600).
- Vendor: AWS
- Product: Kiro IDE
- CVSS: MEDIUM 6.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-15
- Original CVE updated: 2026-06-15
- Advisory published: 2026-06-15
- Advisory updated: 2026-06-15
Who should care
Users of Kiro IDE on macOS and Linux, especially those operating in multi-user environments, should be aware of this vulnerability.
Technical summary
The vulnerability has a CVSS score of 6.8 and is classified as CWE-276. It allows local users or processes to access the authentication token cache file due to incorrect permissions.
Defensive priority
MEDIUM
Recommended defensive actions
- Upgrade to Kiro IDE version 0.11.133 or later.
- After upgrading and restarting the application, the cache file permissions are automatically updated on the next token refresh.
- Users operating in a multi-user environment can invalidate existing tokens by reauthenticating.
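A permission check for the condition this advisory describes, as an added example that is not part of the advisory or the vendor's tooling: it reports whether a file grants any group or other access and can reset it to 0600. The cache file path is an assumption the caller supplies, since the page does not name it.

```shell
#!/bin/sh
# Added example: audit a token cache file for the CWE-276 condition described
# above (any group/other permission bit set instead of owner-only 0600).
# The path is supplied by the caller; the advisory text does not name it.

# Print the octal permission bits of a file on Linux (GNU stat) or macOS (BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# audit_cache_file PATH [--fix]
# Returns 0 if owner-only, 1 if exposed to group/other, 2 if not a regular file.
audit_cache_file() {
    path=$1
    fix=${2:-}
    # Refuse symlinks and non-regular files: chmod would follow a link.
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "SKIP  $path (missing, symlink, or not a regular file)"
        return 2
    fi
    mode=$(file_mode "$path") || return 2
    # Mask 077 selects every group and other bit; 0644 & 077 = 044.
    if [ $(( 0$mode & 077 )) -eq 0 ]; then
        echo "OK    $path mode $mode"
        return 0
    fi
    echo "OPEN  $path mode $mode (accessible beyond the owner)"
    if [ "$fix" = "--fix" ]; then
        chmod 600 "$path" && echo "FIXED $path mode $(file_mode "$path")"
        # Tightening the mode does not revoke a token that was already read;
        # reauthenticate afterwards, as the advisory recommends.
    fi
    return 1
}

# Usage: sh audit_cache.sh /path/to/token-cache [--fix]
if [ "$#" -gt 0 ]; then
    audit_cache_file "$@"
fi
```

A return status of 1 with `--fix` means the file was exposed before the mode was reset, so tokens in it should be treated as potentially read.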
Evidence notes
The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively. Additional information is available at [ref-4] and [ref-5].
Official resources
- CVE-2026-11931 CVE record: CVE.org
- CVE-2026-11931 NVD detail: NVD
- Source item URL: nvd_modified
- Source reference: ff89ba41-3aa1-4d27-914a-91399e9639e5
CVE-2026-11931 was published on 2026-06-15T20:16:25.290Z and has not been modified since then.