Kiro CLI <1.28.0: Missing input validation allows arbitrary tool exec via stdin
CVE-2026-9255 Published on May 22, 2026

Tool Execution Without Authorization via Piped Stdin in Kiro CLI
Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, including shell commands, without user approval by crafting content that is piped to kiro-cli via stdin. We recommend you to upgrade to kiro-cli version 1.28.0 or later.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2026-9255 can be exploited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

What is an AuthZ Vulnerability?

The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

CVE-2026-9255 has been classified to as an AuthZ vulnerability or weakness.


Products Associated with CVE-2026-9255

stack.watch emails you whenever new vulnerabilities are published in Aws Kiro Cli or Amazon Aws. Just hit a watch button to start following.

Aws Kiro Cli
 
Amazon Aws
 

Affected Versions

AWS Kiro CLI:

Exploit Probability

EPSS
0.01%
Percentile
2.12%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.