AnalysisCybersecurityJuly 9, 2026

GhostApproval symlink flaws let malicious repos execute code in AI coding agents

Wiz researchers found symlink vulnerabilities in six popular AI coding assistants (Amazon CodeWhisperer, etc.) that allow a malicious repo to silently overwrite sensitive files, leading to arbitrary code execution. The flaw, dubbed 'GhostApproval,' exploits a gap in how assistants handle symlinks and permission prompts.

2 sources

GhostApproval symlink flaws let malicious repos execute code in AI coding agents — AIBriefs