CVE-2026-5429 - Kiro IDE Webview Cross-Site Scripting via Workspace Color Theme

Kiro Ide ยท 2026-06-05

Actions

Rate this issue

Technical Details

Affected Versions < 0.8.140
Regions all
CVE IDs CVE-2026-5429
Migration Required Yes
Cost Impact Neutral

What This Means

For DevOps Teams

Update Kiro IDE to version 0.8.140 to address the critical security vulnerability CVE-2026-5429, ensuring that all forked or derivative code is patched to prevent potential cross-site scripting attacks.

For Platform Teams

Deploy the updated Kiro IDE version 0.8.140 across all development environments to eliminate the security risk associated with unsanitized input in the webview, enhancing overall platform security.

For Executives

Implement the latest Kiro IDE version 0.8.140 to mitigate the risk of cross-site scripting attacks via malicious color themes, ensuring the security and integrity of development workflows.

Source

View original AWS announcement โ†’

Weekly AWS Digest in Your Inbox

No spam, no headlines. Just a weekly summary of the 3โ€“7 AWS changes that matter for DevOps and Platform teams.

๐Ÿ“ง Exactly 1 email per week โ€ข Every Tuesday โ€ข Unsubscribe anytime

Today: AWS only. Coming next: Azure and other major clouds.