A vulnerability in AWS’s Kiro agentic IDE (versions prior to 0.11) allows remote unauthenticated attackers to write to execution-sensitive files such as .vscode/tasks.json, which can trigger automatic command execution when a folder is opened. The flaw stems from insufficient access control restrictions in the IDE’s file write tool. This is particularly concerning as it can be exploited via crafted instructions, potentially through AI agent interactions.

Architect’s Take: Ensure all developers using Kiro IDE have updated to version 0.11 or later immediately, and consider enforcing this via endpoint management tooling. Review developer workstation security policies to restrict auto-execution behaviours in IDE environments, particularly for AI-assisted or agentic tooling.

Original advisory: CVE-2026-10591 - Kiro IDE Insufficient File Write Restrictions to Execution-Sensitive Paths