How severe is CVE-2026-0830?

CVE-2026-0830 has a CVSS v3 score of 7.8 (HIGH).

CVE-2026-0830

7.8HIGH

Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously craft

Veröffentlicht: 1/9/2026Aktualisiert: 1/13/2026

Beschreibung

Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously crafted workspaces. To mitigate, users should update to the latest version.

KI-AnalyseKI-gestützt

Referenzen

https://aws.amazon.com/security/security-bulletins/2026-001-AWS/
https://kiro.dev/changelog/spec-correctness-and-cli/