SECURITYTHE HACKER NEWS
GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents
Researchers at Wiz discovered a vulnerability in six AI coding assistants that allows malicious code repositories to execute unauthorized code by exploiting a symlink flaw. The affected tools include Amazon Q Developer, Anthropic's Claude Code, Augment, Cursor, Google Antigravity, and Windsurf.
Mentioned
Related Signal