Skip to main content
Threat Radar animated logo
DashboardThreatsMapFeedsPricingView Plans & Pricing
reconnecting
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

CVE-2026-11931 - Insecure Permissions on Authentication Token Cache File in Kiro IDE

0
Low
VulnerabilityCVE-2026-11931linuxmacoslocal
Published: Mon Jun 15 2026 (06/15/2026, 18:41:08 UTC)
Source: AWS Security Bulletins

Description

CVE-2026-11931 is a vulnerability in Kiro IDE on macOS and Linux where the authentication token cache file had insecure default permissions (0644) before version 0.11.133. This misconfiguration allowed other local users or processes to read the token cache file, potentially exposing sensitive authentication tokens. The issue has been fixed in version 0.11.133 by restricting the file permissions to 0600. Users are advised to upgrade to this version or later to mitigate the risk.

Affected software

GitHub Actionsmore threats →ai
kiro/ide
pkg:github/kiro/ide
Affected versions
<0.11.133

Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 06/15/2026, 18:48:05 UTC

Technical Analysis

Kiro IDE versions prior to 0.11.133 on macOS and Linux platforms set the authentication token cache file permissions to world-readable (0644) instead of owner-restricted (0600). This incorrect default permission setting could allow unauthorized local users or processes to access authentication tokens stored in the cache file. The vulnerability was identified and addressed in version 0.11.133, which enforces stricter file permissions to protect the token cache file from unauthorized access.

Potential Impact

The vulnerability exposes authentication tokens stored in the cache file to other local users or processes on the same system due to overly permissive file permissions. This could lead to unauthorized access to user sessions or credentials if an attacker has local access. However, the impact is limited to local privilege scenarios and does not affect remote exploitation. The severity is considered low.

Mitigation Recommendations

This issue has been officially fixed in Kiro IDE version 0.11.133. Users should upgrade to version 0.11.133 or later to ensure the authentication token cache file permissions are properly restricted. No additional mitigation steps are required beyond applying the official fix.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Article Source
{"url":"https://aws.amazon.com/security/security-bulletins/rss/2026-045-aws/","fetched":true,"fetchedAt":"2026-06-15T18:48:00.910Z","wordCount":169}

Threat ID: 6a3048e00b89be688875eef3

Added to database: 6/15/2026, 6:48:00 PM

Last enriched: 6/15/2026, 6:48:05 PM

Last updated: 6/16/2026, 4:57:57 AM

Views: 10

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses