Home / Jul 10, 2026 / Story
0
#3 The Hacker News general July 09, 2026 at 04:27 UTC

GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents

By [email protected] (The Hacker News)

AI Summary

Wiz researchers disclosed 'GhostApproval,' a symlink-based attack affecting six AI coding assistants — Amazon Q Developer, Anthropic Claude Code, Augment, Cursor, Google Antigravity, and Windsurf. A malicious repository can trick the agent into writing to sensitive system files while appearing to edit a harmless target, enabling arbitrary code execution on the developer's machine.

Relevance score: 84.0/100

# More from July 10