PatchSiren cyber security CVE debrief
CVE-2026-9255 AWS CVE debrief
CVE-2026-9255 is a HIGH severity vulnerability in Kiro CLI versions prior to 1.28.0. The issue arises from missing input source validation in the tool authorization prompt, allowing a local attacker to execute arbitrary tools or shell commands without user approval by manipulating input piped to kiro-cli via stdin. The vulnerability has a CVSS score of 8.4.
- Vendor: AWS
- Product: Kiro CLI
- CVSS: HIGH 8.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-22
- Original CVE updated: 2026-06-04
- Advisory published: 2026-05-22
- Advisory updated: 2026-06-04
Who should care
Users of Kiro CLI versions prior to 1.28.0, administrators of systems where Kiro CLI is used, and security teams responsible for vulnerability management.
Technical summary
The vulnerability is caused by missing input source validation in the tool authorization prompt of Kiro CLI: the prompt does not check where the approval answer comes from, so data piped to kiro-cli via stdin is accepted as if a user had typed it at the terminal. A local attacker who can control that piped input can therefore have arbitrary tools or shell commands approved and executed without the user's consent.
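The following is an added illustration of the defect class described above and of the input-source check that closes it; it is example code written for this debrief, not Kiro CLI's source or AWS's fix. The tool request, the `piped_input` helper and the `FakeTty` test double are constructed for the demonstration; the hardened variant assumes that "input source validation" means requiring the approval to come from an interactive terminal (`isatty()`), which is one common way to implement it.

```python
import io
import sys

# Constructed tool request, standing in for what an agentic CLI would ask the
# user to approve before running it.
TOOL_CALL = {"tool": "shell", "command": "rm -rf build/"}


def ask(stream, tool_call):
    """Print the approval prompt and read one answer line from `stream`.

    Returns None on EOF so that callers deny by default instead of treating an
    empty answer as anything meaningful.
    """
    sys.stderr.write(f"Allow {tool_call['tool']}: {tool_call['command']!r}? [y/N] ")
    line = stream.readline()
    if line == "":
        return None
    return line.strip().lower()


def vulnerable_authorize(tool_call, stream=sys.stdin):
    """Pattern the advisory describes: the prompt trusts whatever stdin delivers.

    A piped 'y\\n' is indistinguishable from a user typing 'y' at the keyboard,
    so anyone who controls the pipe controls the authorization decision.
    """
    return ask(stream, tool_call) == "y"


def hardened_authorize(tool_call, stream=sys.stdin):
    """Input-source validation: approval is accepted only from an interactive terminal.

    Piped or redirected stdin is denied outright and the tool call is not run.
    (Assumed mitigation shape; reading the answer from /dev/tty is an alternative.)
    """
    if not stream.isatty():
        sys.stderr.write("approval prompt requires an interactive terminal; denying tool call\n")
        return False
    return ask(stream, tool_call) == "y"


def piped_input(text):
    """Constructed stand-in for `echo <text> | some-cli`: a non-TTY stdin."""
    return io.StringIO(text)


class FakeTty(io.StringIO):
    """Constructed test double for a real terminal; real code simply uses sys.stdin."""

    def isatty(self):
        return True


if __name__ == "__main__":
    # Piped approval: the vulnerable prompt runs the tool, the hardened one refuses.
    print("vulnerable, piped 'y':", vulnerable_authorize(TOOL_CALL, piped_input("y\n")))
    print("hardened, piped 'y':", hardened_authorize(TOOL_CALL, piped_input("y\n")))
    # Interactive approval still works with the hardened prompt.
    print("hardened, terminal 'y':", hardened_authorize(TOOL_CALL, FakeTty("y\n")))
```

Run it as a script to see the three decisions; the hardened prompt is also the one to use for any other consequential confirmation (file writes, network calls) in an agent-driven CLI, since the same piped-stdin problem applies to every prompt that reads from `sys.stdin` without checking its source.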
Defensive priority
HIGH
Recommended defensive actions
- Upgrade to Kiro CLI version 1.28.0 or later, which addresses the vulnerability.
- Restrict use of Kiro CLI to trusted local users, and do not feed untrusted data to kiro-cli via stdin, since piped input can reach the tool authorization prompt.
- Monitor systems running Kiro CLI for tool or shell-command executions that were not interactively approved.
Evidence notes
The CVE-2026-9255 details were obtained from the official CVE record and NVD database.
Official resources
- CVE-2026-9255 CVE record (CVE.org)
- CVE-2026-9255 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: ff89ba41-3aa1-4d27-914a-91399e9639e5 - Vendor Advisory
- Mitigation or vendor reference: ff89ba41-3aa1-4d27-914a-91399e9639e5 - Release Notes
CVE-2026-9255 was published on 2026-05-22T17:16:49.767Z and modified on 2026-06-04T15:21:43.803Z.