Saturday, July 11, 2026
updated hourly · four languages, one press

php-net.pro · the dev news broadsheet

The Dev Dispatch

AI · Security

Symlink Vulnerability in Six Coding Agents Allows Arbitrary File Access

Wiz researchers discovered GhostApproval, a critical flaw in Amazon Q Developer, Claude Code, Augment, Cursor, Google Antigravity, and Windsurf. Attackers can exploit symbolic links in malicious repositories to trick AI agents into writing arbitrary files, including SSH keys, bypassing sandbox restrictions. Patches available for most tools; Augment and Windsurf remain unpatched.

Read the original source ↗

AI-generated summary (Heiko) · editorially responsible: J. Fuchs · How we use AI

← back to the front page