CVE-2026-9255 - Tool Execution Without Authorization via Piped Stdin in Kiro CLI

Bulletin ID: 2026-035-AWS
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 05/22/2026 9:45 AM PDT

Description:

Kiro CLI is a command-line AI coding assistant that enables developers to interact with AI models to execute code, manage files, and run shell commands. We identified CVE-2026-9255, an issue where missing input source validation in the tool authorization prompt could allow a local actor to execute arbitrary tools, including shell commands, without user approval, by crafting content that is piped to kiro-cli via stdin.

Impacted versions: kiro-cli prior to 1.28.0

Resolution:

This issue has been addressed in kiro-cli version 1.28.0. We recommend upgrading to the latest version and ensuring any forked or derivative code is patched to incorporate the new fixes.

Workarounds:

Run kiro-cli with the --no-interactive flag when piping content from untrusted sources. This explicitly disables tool approval prompts and prevents piped input from being consumed as confirmation responses.
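The bug class named in the description and the reason the workaround helps, as an added illustration that is not Kiro CLI's own code: an approval prompt that trusts the next line on stdin, beside one that first validates the input source and refuses approval when stdin is not a terminal or a no-interactive mode is set. The function names, the approval tokens and the piped input are constructed for this example.

```python
import io
import sys
from typing import TextIO

# Tokens treated as consent at the approval prompt (assumed for illustration).
APPROVE_TOKENS = {"y", "yes"}


def approve_tool_unchecked(tool: str, stream: TextIO) -> bool:
    """Weak pattern: whatever line comes next on stdin is taken as the answer.

    Nothing checks where stdin comes from, so with piped content the 'answer'
    is just the next line of that content, not a person's decision.
    """
    print(f"Allow tool '{tool}'? [y/N] ", end="", file=sys.stderr)
    return stream.readline().strip().lower() in APPROVE_TOKENS


def approve_tool_checked(tool: str, stream: TextIO, no_interactive: bool = False) -> bool:
    """Hardened pattern: validate the input source before reading an answer."""
    if no_interactive:  # --no-interactive style mode: never prompt, never approve
        return False
    if not stream.isatty():  # a pipe or file cannot carry a user's consent
        print(f"Refusing '{tool}': approval needs an interactive terminal", file=sys.stderr)
        return False
    print(f"Allow tool '{tool}'? [y/N] ", end="", file=sys.stderr)
    return stream.readline().strip().lower() in APPROVE_TOKENS


def simulate(piped_content: str, no_interactive: bool = False) -> dict:
    """Feed the same piped stdin to both variants and report each decision.

    The first line plays the role of the request the assistant consumes; the
    approval prompt then reads whatever line follows it.
    """
    decisions = {}
    for variant in ("unchecked", "checked"):
        stdin = io.StringIO(piped_content)  # constructed pipe: isatty() is False
        stdin.readline()  # request line, consumed before any tool is considered
        if variant == "unchecked":
            decisions[variant] = approve_tool_unchecked("execute_bash", stdin)
        else:
            decisions[variant] = approve_tool_checked("execute_bash", stdin, no_interactive)
    return decisions


if __name__ == "__main__":
    # Constructed input: a request followed by a line that happens to read "y".
    print(simulate("summarise this file\ny\n"))
```

The unchecked variant approves on the stray "y" line; the checked variant denies because the stream is not a terminal, and denies regardless of content when the no-interactive mode is set.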

References:


Please email aws-security@amazon.com with any security questions or concerns.