AVID-2026-R0419
Description
Amazon Kiro IDE Data Exfiltration via Steering File
Details
The Amazon Kiro IDE is vulnerable to a data exfiltration issue that can be exploited through steering file directives. By carefully crafting a steering file that directs the AI to read a local file and render a Markdown image, an attacker can coerce the AI into sending sensitive data to an external server.
References
Affected or Relevant Artifacts
- Developer: Amazon
- Deployer:
- Artifact Details:
| Type | Name |
|---|---|
| System | Kiro IDE |
Impact
- (none)
Other information
- Report Type: Advisory
- Credits: Aaron Portnoy, Mindgard
- Date Reported: 2025-12-08
- Version: 0.3.1
- AVID Entry