CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-9255

unknowncovered by 1 sourcefirst seen 2026-06-05
Bulletin ID: 2026-035-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 05/22/2026 09:45 AM PDT Description: Kiro CLI is a command-line AI coding assistant that enables developers to interact with AI models to execute code, manage files, and run shell commands. We identified CVE-2026-9255, an issue where missing input source validation in the tool authorization prompt could allow a local actor to execute arbitrary tools, including shell commands, without user approval by crafting content that is piped to kiro-cli via stdin. Impacted versions: kiro-cli prior to 1.28.0 Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.

CSIRTS triage

What
Missing input source validation could allow local actors to execute arbitrary tools without user approval.
Who is affected
Users of Kiro CLI versions prior to 1.28.0.
Urgency
Remediation is urgent as it allows unauthorized tool execution.
Action
Upgrade Kiro CLI to version 1.28.0 or later.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-9255

Get an email if CVE-2026-9255 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-9255

CVE.org record

Embed the live status

CVE-2026-9255 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-9255 status](https://www.csirts.com/badge/CVE-2026-9255)](https://www.csirts.com/cve/CVE-2026-9255)