CVE-2026-11931: Kiro IDE Auth Token Exposure
🟠 High | Source: AWS Security Bulletins

A vulnerability in Kiro IDE (AWS’s agentic development environment) on macOS and Linux incorrectly sets the authentication token cache file to world-readable permissions (0644) rather than owner-only (0600). This means other local users or processes on the same machine could read the authentication token, potentially allowing unauthorised access to AWS services or the IDE’s AI capabilities. The issue affects all versions prior to 0.11.133. ...
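The 0644 versus 0600 difference described above, as an added example that is not Kiro's code: it writes a token file the weak way and the owner-only way, then audits and tightens each. The file names, the token string and every function name are constructed for illustration, since the bulletin summary does not give the cache file's path.

```python
import os
import stat
import tempfile

GROUP_OTHER = stat.S_IRWXG | stat.S_IRWXO  # any group/other permission bit

def file_mode(path):
    """Permission bits of path, e.g. 0o644."""
    return stat.S_IMODE(os.stat(path).st_mode)

def write_token_weak(path, token):
    # Weak pattern: mode is 0666 & ~umask, i.e. 0644 under the common umask 022.
    with open(path, "w") as f:
        f.write(token)

def write_token_owner_only(path, token):
    # Request 0600 at creation so the file is never readable by others, then
    # fchmod before writing in case the file already existed with a wider mode.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        os.fchmod(fd, 0o600)
        os.write(fd, token.encode())
    finally:
        os.close(fd)

def audit_and_fix(path):
    """Return (mode_before, mode_after); tighten to 0600 if group/other have access."""
    before = file_mode(path)
    if before & GROUP_OTHER:
        os.chmod(path, 0o600)
    return before, file_mode(path)

def demo():
    old_umask = os.umask(0o022)  # pin the umask so the result is reproducible
    try:
        with tempfile.TemporaryDirectory() as d:
            weak = os.path.join(d, "token-cache-weak.json")      # constructed path
            strong = os.path.join(d, "token-cache-strong.json")  # constructed path
            write_token_weak(weak, "CONSTRUCTED-TOKEN")
            write_token_owner_only(strong, "CONSTRUCTED-TOKEN")
            return {"weak": audit_and_fix(weak), "strong": audit_and_fix(strong)}
    finally:
        os.umask(old_umask)

if __name__ == "__main__":
    print({k: tuple(oct(m) for m in v) for k, v in demo().items()})
```

Tightening the mode only closes the exposure going forward; it says nothing about whether the file was read while it was 0644.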