How severe is CVE-2026-0830?

CVE-2026-0830 has a CVSS v3 score of 7.8 (HIGH).

CVE-2026-0830

7.8HIGH

Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously craft

게시됨: 1/9/2026업데이트됨: 1/13/2026

설명

Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously crafted workspaces. To mitigate, users should update to the latest version.

AI 분석AI 기반

참조

https://aws.amazon.com/security/security-bulletins/2026-001-AWS/
https://kiro.dev/changelog/spec-correctness-and-cli/