How severe is CVE-2026-0830?

CVE-2026-0830 has a CVSS v3 score of 7.8 (HIGH).

CVE-2026-0830

7.8HIGH

Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously craft

Published: 1/9/2026Updated: 1/13/2026

Description

Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously crafted workspaces. To mitigate, users should update to the latest version.

AI AnalysisPowered by AI

References

https://aws.amazon.com/security/security-bulletins/2026-001-AWS/
https://kiro.dev/changelog/spec-correctness-and-cli/