CVE-2026-5429: CWE-79 Improper neutralization of input during web page generation ('cross-site scripting') in AWS Kiro IDE
CVE-2026-5429 is a high-severity cross-site scripting (XSS) vulnerability in AWS Kiro IDE versions before 0. 8. 140. It arises from improper input sanitization of a color theme name in the Kiro Agent webview, allowing remote unauthenticated attackers to execute arbitrary code when a local user opens a trusted workspace. Exploitation requires the user to trust the workspace prompt. A patch is available in version 0. 8. 140 to remediate this issue.
AI Analysis
Technical Summary
This vulnerability involves improper neutralization of input during web page generation in the Kiro Agent webview component of AWS Kiro IDE. Specifically, unsanitized input in the color theme name can be crafted maliciously to execute arbitrary code via cross-site scripting when a local user opens a workspace and accepts the trust prompt. The vulnerability affects versions prior to 0.8.140. The CVSS 3.1 score is 7.8, reflecting high impact on confidentiality, integrity, and availability with low attack complexity but requiring user interaction and local access.
Potential Impact
Successful exploitation allows remote unauthenticated attackers to execute arbitrary code in the context of the local user via a crafted color theme name, potentially compromising confidentiality, integrity, and availability of the affected system. However, exploitation requires the local user to open a workspace and trust it, which limits the attack vector to scenarios involving user interaction and trust decisions.
Mitigation Recommendations
Users should upgrade AWS Kiro IDE to version 0.8.140 or later, where this vulnerability is fixed. Applying this official patch fully mitigates the issue. No additional mitigations are indicated or required beyond upgrading.
CVE-2026-5429: CWE-79 Improper neutralization of input during web page generation ('cross-site scripting') in AWS Kiro IDE
Description
CVE-2026-5429 is a high-severity cross-site scripting (XSS) vulnerability in AWS Kiro IDE versions before 0. 8. 140. It arises from improper input sanitization of a color theme name in the Kiro Agent webview, allowing remote unauthenticated attackers to execute arbitrary code when a local user opens a trusted workspace. Exploitation requires the user to trust the workspace prompt. A patch is available in version 0. 8. 140 to remediate this issue.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves improper neutralization of input during web page generation in the Kiro Agent webview component of AWS Kiro IDE. Specifically, unsanitized input in the color theme name can be crafted maliciously to execute arbitrary code via cross-site scripting when a local user opens a workspace and accepts the trust prompt. The vulnerability affects versions prior to 0.8.140. The CVSS 3.1 score is 7.8, reflecting high impact on confidentiality, integrity, and availability with low attack complexity but requiring user interaction and local access.
Potential Impact
Successful exploitation allows remote unauthenticated attackers to execute arbitrary code in the context of the local user via a crafted color theme name, potentially compromising confidentiality, integrity, and availability of the affected system. However, exploitation requires the local user to open a workspace and trust it, which limits the attack vector to scenarios involving user interaction and trust decisions.
Mitigation Recommendations
Users should upgrade AWS Kiro IDE to version 0.8.140 or later, where this vulnerability is fixed. Applying this official patch fully mitigates the issue. No additional mitigations are indicated or required beyond upgrading.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- AMZN
- Date Reserved
- 2026-04-02T15:46:40.727Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69cec35ae6bfc5ba1dfb4ce4
Added to database: 4/2/2026, 7:28:26 PM
Last enriched: 4/9/2026, 10:52:53 PM
Last updated: 5/20/2026, 7:46:38 AM
Views: 42
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.