CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-5429

unknowncovered by 1 sourcefirst seen 2026-06-05
Bulletin ID: 2026-012-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/04/02 11:30 AM PDT Description: Kiro IDE is an agentic development environment that makes it easy for developers to ship real engineering work with the help of AI agents. We identified CVE-2026-5429, where unsanitized input during web page generation in the Kiro Agent webview in Kiro IDE before version 0.8.140 allows a remote unauthenticated threat actor to execute arbitrary code via a maliciously crafted color theme name when a local user opens the workspace. This issue requires the user to trust the workspace when prompted. Impacted versions: < 0.8.140 Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.

CSIRTS triage

What
Unsanitized input during web page generation allows a remote unauthenticated threat actor to execute arbitrary code via a maliciously crafted color theme name.
Who is affected
Users of Kiro IDE versions before 0.8.140.
Urgency
Remediation is urgent due to the risk of arbitrary code execution via XSS.
Action
Upgrade to Kiro IDE version 0.8.140 or later.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-5429

Get an email if CVE-2026-5429 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-5429

CVE.org record

Embed the live status

CVE-2026-5429 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-5429 status](https://www.csirts.com/badge/CVE-2026-5429)](https://www.csirts.com/cve/CVE-2026-5429)