Low Severity Threats

CVE-2026-4295 is a vulnerability in Kiro IDE versions prior to 0. 8. 0 that allows arbitrary code execution when a user opens a maliciously crafted project directory. The issue arises from improper enforcement of trust boundaries within the IDE. This vulnerability has been addressed in version 0. 8. 0 of Kiro IDE. Users unable to upgrade immediately are advised to avoid opening untrusted project directories to mitigate risk.

AWS has identified a potential Instance Metadata Service (IMDS) impersonation issue affecting IMDSv1 and IMDSv2. This vulnerability could cause customers using AWS tools from non-EC2 compute nodes to interact with unexpected AWS accounts if a third party controls the network and impersonates the IMDS endpoint. The issue arises because IMDS normally runs on a loopback interface within EC2 instances, but outside the AWS data perimeter, a malicious actor with privileged network access could serve fake metadata credentials. AWS recommends following official installation and configuration guides for AWS CLI/SDK and SSM Agent when used outside AWS to mitigate this risk. Additionally, monitoring for unexpected IMDS traffic in on-premises environments is advised to detect potential impersonation attempts. No known exploits in the wild have been reported, and the severity is assessed as low.

Bulletin ID: 2026-002-AWS Scope: AWS Content Type: Informational Publication Date: 2026/01/15 07:03 AM PST Description: A security research team identified a configuration issue affecting the following AWS-managed open source GitHub repositories that could have resulted in the introduction of inappropriate code: - aws-sdk-js-v3 - aws-lc - amazon-corretto-crypto-provider - awslabs/open-data-registry Specifically, researchers identified the above repositories' configured regular expressions for AWS CodeBuild webhook filters intended to limit trusted actor IDs were insufficient, allowing a predictably acquired actor ID to gain administrative permissions for the affected repositories. We can confirm these were project-specific misconfigurations in webhook actor ID filters for these repositories and not an issue in the CodeBuild service itself. The researchers carefully demonstrated the potential to commit inappropriate code, through an empty code commit, to one repository and promptly informed AWS Security of their research activity and its potential negative impact. No inappropriate code was introduced to any of the affected repositories during this security research activity, the demonstrated empty code commit to one repository had no impact to any AWS customer environments and did not impact any AWS services or infrastructure. No customer action is required. Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.

This entry describes the introduction of two open source tools, RAMPART and Clarity, designed to enhance safety in AI agent development workflows. The tools address the evolving capabilities of AI systems in enterprises, which now perform complex tasks such as accessing emails, retrieving CRM records, writing and executing code, and interacting with multiple connected systems. The content is primarily informational about these tools rather than describing a specific vulnerability or exploit. No direct vulnerability details, affected versions, or patch information are provided. The severity is noted as low and no known exploits are reported.

This vulnerability allows local attackers to disclose sensitive information on affected installations of Docker Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.5.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of IceWarp. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2026-2493.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.4. The following CVEs are assigned: CVE-2025-71205.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.4. The following CVEs are assigned: CVE-2025-71206.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.4. The following CVEs are assigned: CVE-2025-71207.

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro Cleaner One Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.0. The following CVEs are assigned: CVE-2025-71218.