What is 2026-001-AWS?

2026-001-AWS is a security advisory published by AWS Security Bulletins. CVE-2026-0830 - Command Injection in Kiro GitLab Merge Request Helper

Which CVE IDs does 2026-001-AWS cover?

2026-001-AWS covers the following CVE IDs: CVE-2026-0830. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

2026-001-AWS

CVE-2026-0830 - Command Injection in Kiro GitLab Merge Request Helper

Vendor

AWS Security Bulletins

Published

January 9, 2026

Last Modified

—

🔗 CVE IDs covered (1)

CVE-2026-0830 →

📋 Description

Bulletin ID: 2026-001-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/01/09 13:15 PM PST Description: Kiro is an agentic IDE users install on their desktop. We identified CVE-2026-0830 where opening a maliciously crafted workspace may lead to arbitrary command injection in Kiro IDE before Kiro version 0.6.18. This may occur if the workspace has specially crafted folder names within the workspace containing injected commands. Resolution: Kiro IDE
Please refer to the article below for the most up-to-date information related to this AWS Security Bulletin.

🔗 References (1)

advisoryhttps://aws.amazon.com/security/security-bulletins/rss/2026-001-aws/