A vulnerability labeled as critical has been found in Amazon AWS Kiro IDE up to 0.7.x . Affected is an unknown function of the component Project Handler . The manipulation results in inclusion of functionality from untrusted control sphere. This vulnerability was named CVE-2026-4295 . The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.