AnalysisCybersecurityJuly 9, 2026

GhostApproval symlink flaws let malicious repos run code in AI coding agents

Researchers at Wiz found that six popular AI coding assistants are vulnerable to a symlink attack (GhostApproval) allowing malicious repositories to execute arbitrary code. The attack tricks the assistant into writing to sensitive files by asking permission for a seemingly harmless file.

1 source