CVE-2026-11931
Status: Received - Intake
BaseFortify

Publication date: 2026-06-15

Last updated on: 2026-06-15

Assigner: AMZN

Description
Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions (0644) instead of owner-restricted permissions (0600). To remediate this issue, users should upgrade to Kiro IDE version 0.11.133 or later. After upgrading and restarting the application, the cache file permissions are automatically updated on the next token refresh. Users operating in a multi-user environment can invalidate existing tokens by reauthenticating.
Meta Information
Published: 2026-06-15
Last Modified: 2026-06-15
Generated: 2026-06-16
AI Q&A: 2026-06-15
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 2 associated CPEs
Vendor   Product   Version / Range
kiro     ide       From 0.11.133 (inc)
kiro     ide       0.11.133
CWE
CWE-276: During installation, installed file permissions are set to allow anyone to modify those files.
AI Quick Actions
Executive Summary

CVE-2026-11931 is a security vulnerability in Kiro IDE on macOS and Linux versions before 0.11.133. The issue is that the authentication token cache file was created with incorrect default permissions, making it world-readable (0644) instead of restricted to the owner only (0600). This means other local users or processes on the same system could potentially access sensitive authentication tokens.

Impact Analysis

This vulnerability could allow unauthorized local users or processes to read the authentication token cache file due to its overly permissive file permissions. As a result, attackers could gain access to sensitive authentication tokens, potentially leading to unauthorized access or actions within the Kiro IDE environment.

Detection Guidance

This vulnerability can be detected by checking the permissions of the authentication token cache file used by Kiro IDE on macOS or Linux systems. Specifically, verify whether the file permissions are world-readable (0644) rather than owner-restricted (0600).

You can use commands like the following to detect the vulnerable permission settings:

  • Find the token cache file location used by Kiro IDE.
  • Run: ls -l /path/to/token_cache_file
  • Check if the permissions show '-rw-r--r--' (0644) instead of '-rw-------' (0600).

Alternatively, you can use the find command to locate files with world-readable permissions, for example:

  • find /path/to/kiro/cache/ -type f -perm 0644
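The check above, scripted so it can be run on either macOS or Linux, as an added example that is not part of the BaseFortify page or the Kiro project: it reports whether a given file is readable beyond its owner, applies the same 0600 restriction the fixed release sets on token refresh, and scans a whole cache directory. The cache file path and directory are placeholders; the real location is not given on this page.

```shell
#!/bin/sh
# Added example (not BaseFortify's or Kiro's code): check whether a token cache
# file is readable beyond its owner, harden it, and scan a cache directory.
# The path at the bottom is a placeholder; Kiro's real location is not given here.

# Octal permission bits of a file, using GNU stat (Linux) or BSD stat (macOS).
file_mode() {
  m=$(stat -c '%a' "$1" 2>/dev/null) || m=$(stat -f '%Lp' "$1")
  printf '%s\n' "$m" | sed 's/^0*//; s/^$/0/'   # strip leading zero so "% 100" below is decimal
}

# 0 = owner-only (600, 400 ...), 1 = any group/other bit set (644, 640 ...), 2 = missing.
check_token_cache() {
  [ -f "$1" ] || { echo "MISSING $1"; return 2; }
  mode=$(file_mode "$1")
  if [ $((mode % 100)) -eq 0 ]; then
    echo "OK   $1 (mode $mode, owner-restricted)"
    return 0
  fi
  echo "WEAK $1 (mode $mode, readable by group/other)"
  return 1
}

# Same change the fixed release applies on the next token refresh.
harden_token_cache() {
  chmod 600 "$1" && check_token_cache "$1"
}

# Check every regular file in a cache directory; exit status 1 if any is weak.
scan_cache_dir() {
  weak=0
  for f in "$1"/*; do
    [ -f "$f" ] || continue
    check_token_cache "$f" || weak=$((weak + 1))
  done
  echo "$weak weak file(s) under $1"
  [ "$weak" -eq 0 ]
}

# Placeholder; set TOKEN_CACHE to the cache file location found on your system.
TOKEN_CACHE="${TOKEN_CACHE:-/path/to/kiro/token_cache_file}"
if [ -f "$TOKEN_CACHE" ]; then check_token_cache "$TOKEN_CACHE"; fi
```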

Mitigation Strategies

To mitigate this vulnerability, you should immediately upgrade Kiro IDE to version 0.11.133 or later, where the issue has been fixed.

After upgrading and restarting the application, the cache file permissions will be automatically updated on the next token refresh.

If you operate in a multi-user environment, it is recommended to invalidate existing tokens by reauthenticating to ensure that any potentially exposed tokens are no longer valid.
