2026-009-AWS

Arbitrary code execution via crafted project files in Kiro IDE

Published
March 17, 2026
Last Modified

🔗 CVE IDs covered (1)

📋 Description

Bulletin ID: 2026-009-AWS
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2026/03/17 12:15 PM PDT

Description: Kiro is an AI-powered IDE for agentic software development. We identified CVE-2026-4295, where improper trust boundary enforcement allowed arbitrary code execution when a user opened a maliciously crafted project directory.

Impacted versions: Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.

🔗 References (1)