CNNVD-202510-1173 Information

CNNVD ID

CNNVD-202510-1173

CVE-2025-11445

  • CNNVD Published: 2025-10-08

Description (Chinese)

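Kilo Code is an AI coding assistant open-sourced by Kilo Code. Kilo Code 4.86.0 and earlier versions contain a security vulnerability that stems from improper handling of the ClineProvider function in the Prompt Handler component, which may lead to an injection attack.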

Description (English)

Kilo Code is an open-source AI coding assistant from Kilo Code. Kilo Code 4.86.0 and earlier versions have a security vulnerability caused by improper handling of the ClineProvider function in the Prompt Handler component, which may lead to an injection attack.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Kilo Code

Published

2025-10-08

Last Modified

2026-02-24

References

  • https://github.com/Kilo-Org/kilocode/pull/2244
  • https://github.com/Kilo-Org/kilocode/pull/2244/commits/2fdddf89edba41ec3a527134e485a3388c464333
  • https://mcpsec.dev/advisories/2025-10-02-kilo-code-ai-agent-supply-chain-attack/
  • https://vuldb.com/?ctiid.327382
  • https://vuldb.com/?id.327382
  • https://vuldb.com/?submit.667004

Patch

https://github.com/Kilo-Org/kilocode/releases
