What is CVE-2026-10591?

CVE-2026-10591 is a high-severity vulnerability in Amazon Kiro_ide, classified under Incorrect Permission Assignment for Critical Resource. CVSS score: 8.8/10. Published 2026-06-02.

How severe is CVE-2026-10591?

High severity. CVSS v3 base score is 8.8 out of 10.

Vulnerability in Amazon Kiro_ide

CVE-2026-10591

Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands via crafted instructions that cause writes to execution-sensitiv…

EPSS: 0.001 (22.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Amazon Kiro_ide
Aws Kiro Ide — versions 0

Weakness classification (CWE)

CWE-732 — Incorrect Permission Assignment for Critical Resource

References

ff89ba41-3aa1-4d27-914a-91399e9639e5 (release-notes, Release Notes)
ff89ba41-3aa1-4d27-914a-91399e9639e5 (vendor-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2026-10591?: CVE-2026-10591 is a high-severity vulnerability in Amazon Kiro_ide, classified under Incorrect Permission Assignment for Critical Resource. CVSS score: 8.8/10. Published 2026-06-02.
How severe is CVE-2026-10591?: High severity. CVSS v3 base score is 8.8 out of 10.