Security · 2h ago
Symlink Flaw in 6 AI Coding Assistants Lets Repos Hijack Developer Machines
Researchers at Wiz discovered a vulnerability in six popular AI coding assistants, including Amazon Q Developer and Claude Code, that allows malicious code repositories to trick the tools into overwriting sensitive files. The flaw, dubbed GhostApproval, exploits symlink attacks to bypass user consent prompts. Affected tools have been notified and are working on fixes.
Meridian48 take
The finding underscores how AI coding assistants' trust in user intent can be weaponized, making sandboxing and permission models a critical battleground for developer tool security.
Read the full reporting
GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents →
The Hacker News
ai-coding-assistantssymlink-vulnerability