2026-045-AWS

CVE-2026-11931 - Insecure Permissions on Authentication Token Cache File in Kiro IDE

Published
June 15, 2026
Last Modified

🔗 CVE IDs covered (1)

📋 Description

Bulletin ID: 2026-045-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 06/15/2026 11:45 AM PDT Description: Kiro IDE is an agentic development environment that makes it easy for developers to ship real engineering work with the help of AI agents. We identified CVE-2026-11931, where incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions (0644) instead of owner-restricted permissions (0600). Impacted versions:
Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.

🔗 References (1)