{"id":55186,"date":"2026-05-17T17:36:30","date_gmt":"2026-05-17T17:36:30","guid":{"rendered":"https:\/\/zero.redgem.net\/?p=55186"},"modified":"2026-05-17T17:36:30","modified_gmt":"2026-05-17T17:36:30","slug":"kilo-org-kilocode-environment-variable-configts-load-information-disclosure","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=55186","title":{"rendered":"Kilo-Org kilocode Environment Variable config.ts load information disclosure_CVE-2026-8766"},"content":{"rendered":"

{“lastseen”:””,”description”:”A flaw has been found in Kilo-Org kilocode up to 7.0.47. This issue affects the function Load of the file packages\/opencode\/src\/config\/config.ts of the component Environment Variable Handler. Executing a manipulation of the argument KILO_CONFIG_CONTENT can lead to information disclosure. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.”,”published”:”2026-05-17T22:15:08.997Z”,”modified”:”2026-05-17T22:15:08.997Z”,”type”:”cve”,”title”:”Kilo-Org kilocode Environment Variable config.ts load information disclosure”,”source”:”VulDB”,”references”:”https:\/\/vuldb.com\/vuln\/364391\\nhttps:\/\/vuldb.com\/vuln\/364391\/cti\\nhttps:\/\/vuldb.com\/submit\/811400\\nhttps:\/\/gist.github.com\/YLChen-007\/32b444e49ced1a46bde5a68933ccd09f”,”id”:”CVE-2026-8766″,”bulletinFamily”:””,”cwe”:[“CWE-200″,”CWE-284″],”cvelist”:null,”sourceData”:”Kilo-Org kilocode 7.0.0\\nKilo-Org kilocode 7.0.1\\nKilo-Org kilocode 7.0.2\\nKilo-Org kilocode 7.0.3\\nKilo-Org kilocode 7.0.4\\nKilo-Org kilocode 7.0.5\\nKilo-Org kilocode 7.0.6\\nKilo-Org kilocode 7.0.7\\nKilo-Org kilocode 7.0.8\\nKilo-Org kilocode 7.0.9\\nKilo-Org kilocode 7.0.10\\nKilo-Org kilocode 7.0.11\\nKilo-Org kilocode 7.0.12\\nKilo-Org kilocode 7.0.13\\nKilo-Org kilocode 7.0.14\\nKilo-Org kilocode 7.0.15\\nKilo-Org kilocode 7.0.16\\nKilo-Org kilocode 7.0.17\\nKilo-Org kilocode 7.0.18\\nKilo-Org kilocode 7.0.19\\nKilo-Org kilocode 7.0.20\\nKilo-Org kilocode 7.0.21\\nKilo-Org kilocode 7.0.22\\nKilo-Org kilocode 7.0.23\\nKilo-Org kilocode 7.0.24\\nKilo-Org kilocode 7.0.25\\nKilo-Org kilocode 7.0.26\\nKilo-Org kilocode 7.0.27\\nKilo-Org kilocode 7.0.28\\nKilo-Org kilocode 7.0.29\\nKilo-Org kilocode 7.0.30\\nKilo-Org kilocode 7.0.31\\nKilo-Org kilocode 7.0.32\\nKilo-Org kilocode 7.0.33\\nKilo-Org kilocode 7.0.34\\nKilo-Org kilocode 7.0.35\\nKilo-Org kilocode 7.0.36\\nKilo-Org kilocode 7.0.37\\nKilo-Org kilocode 7.0.38\\nKilo-Org kilocode 7.0.39\\nKilo-Org kilocode 7.0.40\\nKilo-Org kilocode 7.0.41\\nKilo-Org kilocode 7.0.42\\nKilo-Org kilocode 7.0.43\\nKilo-Org kilocode 7.0.44\\nKilo-Org kilocode 7.0.45\\nKilo-Org kilocode 7.0.46\\nKilo-Org kilocode 7.0.47″,”sourceHref”:””,”cvss”:{“score”:5.3,”severity”:”MEDIUM”,”vector”:”CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:L\/UI:N\/VC:L\/VI:N\/VA:N\/SC:N\/SI:N\/SA:N\/E:P”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”kilocode”,”version”:”7.0.0″,”vendor”:”Kilo-Org”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:””,”description”:”A flaw has been found in Kilo-Org kilocode up to 7.0.47. This issue affects the function Load of the file packages\/opencode\/src\/config\/config.ts of the component Environment…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,22,12,21,13,7,11,5],"class_list":["post-55186","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-53","tag-exploit","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\nKilo-Org kilocode Environment Variable config.ts load information disclosure_CVE-2026-8766 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=55186\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Kilo-Org kilocode Environment Variable config.ts load information disclosure_CVE-2026-8766 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:””,”description”:”A flaw has been found in Kilo-Org kilocode up to 7.0.47. This issue affects the function Load of the file packages\/opencode\/src\/config\/config.ts of the component Environment...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=55186\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-17T17:36:30+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=55186#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=55186\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Kilo-Org kilocode Environment Variable config.ts load information disclosure_CVE-2026-8766\",\"datePublished\":\"2026-05-17T17:36:30+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=55186\"},\"wordCount\":329,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-5.3\",\"exploit\",\"MEDIUM\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_cve\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=55186#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=55186\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=55186\",\"name\":\"Kilo-Org kilocode Environment Variable config.ts load information disclosure_CVE-2026-8766 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-05-17T17:36:30+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=55186#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=55186\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=55186#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Kilo-Org kilocode Environment Variable config.ts load information disclosure_CVE-2026-8766\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Kilo-Org kilocode Environment Variable config.ts load information disclosure_CVE-2026-8766 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=55186","og_locale":"en_US","og_type":"article","og_title":"Kilo-Org kilocode Environment Variable config.ts load information disclosure_CVE-2026-8766 - zero redgem","og_description":"{“lastseen”:””,”description”:”A flaw has been found in Kilo-Org kilocode up to 7.0.47. This issue affects the function Load of the file packages\/opencode\/src\/config\/config.ts of the component Environment...","og_url":"https:\/\/zero.redgem.net\/?p=55186","og_site_name":"zero redgem","article_published_time":"2026-05-17T17:36:30+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=55186#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=55186"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Kilo-Org kilocode Environment Variable config.ts load information disclosure_CVE-2026-8766","datePublished":"2026-05-17T17:36:30+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=55186"},"wordCount":329,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-5.3","exploit","MEDIUM","news","Security","tapic","Vulnerability"],"articleSection":["category_cve"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=55186#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=55186","url":"https:\/\/zero.redgem.net\/?p=55186","name":"Kilo-Org kilocode Environment Variable config.ts load information disclosure_CVE-2026-8766 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-05-17T17:36:30+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=55186#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=55186"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=55186#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Kilo-Org kilocode Environment Variable config.ts load information disclosure_CVE-2026-8766"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/55186","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=55186"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/55186\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=55186"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=55186"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=55186"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}