CVE-2026-9255 - Tool Execution Without Authorization via Piped Stdin in Kiro CLI

Cli · 2026-06-05

Technical Details

Affected: Versions prior to 1.28.0
Regions: all
CVE IDs: CVE-2026-9255
Migration Required: Yes
Cost Impact: Neutral

What This Means

For DevOps Teams

Update Kiro CLI to version 1.28.0 and apply the --no-interactive flag when piping content from untrusted sources to prevent potential security breaches due to CVE-2026-9255.

For Platform Teams

Integrate the updated Kiro CLI version 1.28.0 into your development workflows to enhance security and maintain compliance with the latest AWS security standards.

For Executives

Implement the latest Kiro CLI version 1.28.0 to mitigate the security risk of unauthorized tool execution and ensure secure AI-assisted coding practices within your organization.

Source

View original AWS announcement →
