By vendor
Amazon vulnerabilities
Known CVEs affecting Amazon products, prioritized by severity, with SEC.co remediation and detection guidance.
1 published vulnerability
- CVE-2026-10591HIGH 8.8
Amazon Kiro IDE before version 0.11 contains a flaw in its file write functionality that fails to properly restrict which directories and files can be modified. An attacker can exploit this by sending specially crafted instructions that trick the IDE into writing files to sensitive paths—such as VS Code configuration files that execute automatically when a folder is opened. This could allow remote code execution without requiring the user to authenticate or take risky steps beyond opening a project folder.