GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents - IT Security News
2026-07-09
IT Security News - cybersecurity, infosecurity news

The information displayed in the AIM should not be reported as representing the official views of the OECD or of its member countries.
Researchers at Wiz discovered a vulnerability, dubbed GhostApproval, affecting six popular AI coding assistants. The flaw allows malicious repositories to exploit symlink handling, tricking AI agents into editing files outside their sandbox, potentially enabling remote code execution and unauthorized access on developers' machines. Some vendors have patched the issue.[AI generated]