LOW
Kilo-Org
CVE published 2026-05-17
CVE-2026-8766
CVE-2026-8766 is a low-severity information disclosure issue in Kilo Code CLI up to 7.0.47. The supplied description says the vulnerable code path is the Load function in packages/opencode/src/config/config.ts, within the Environment Variable Handler component, and that manipulating KILO_CONFIG_CONTENT can disclose information remotely. The CVE record also references a public exploit and notes that the ve [truncated]