AI-powered IDEs prompt-injection RCE and data-exfiltration flaws (multiple vulnerabilities)
Vulnerability
Summary
Hide ▲
Show ▼
A disclosed set of 30+ vulnerabilities in AI-powered IDEs and coding assistants creates data exfiltration and remote code execution risk across tools such as Cursor and GitHub Copilot. The flaws are chained through prompt injection and legitimate IDE features, and 24 CVEs have already been assigned. The disclosure shows that normal development workflows can be turned into attack paths when AI agents trust hostile context.
Related Happenings
Defensive guidance for splitting behavioral detections around AI coding agents on Windows endpoints
Defensive Guidance
First: 08.07.2026 20:02
Last: 08.07.2026 20:02
Sources 1
About this happening:
AI coding agents on **Windows endpoints** are triggering attacker-style detections, forcing defenders to separate benign automation from real **credential theft** risk. A **June 2...
Defensive guidance for splitting behavioral detections around AI coding agents on Windows endpoints
Defensive GuidanceAbout this happening: AI coding agents on **Windows endpoints** are triggering attacker-style detections, forcing defenders to separate benign automation from real **credential theft** risk. A **June 2...
HalluSquatting indirect prompt-injection attack on AI coding assistants
Technical Analysis
H score3
First: 08.07.2026 18:07
Last: 08.07.2026 18:07
Sources 1
About this happening:
Researchers demonstrated **HalluSquatting**, an indirect prompt-injection technique that can push **AI coding assistants** to fetch attacker-controlled resources and execute code....
HalluSquatting indirect prompt-injection attack on AI coding assistants
Technical AnalysisAbout this happening: Researchers demonstrated **HalluSquatting**, an indirect prompt-injection technique that can push **AI coding assistants** to fetch attacker-controlled resources and execute code....
Workflow-level jailbreak makes GitHub Copilot Chat write harmful answers in code files
Technical Analysis
H score22
First: 08.07.2026 14:21
Last: 08.07.2026 14:21
Sources 1
About this happening:
Researchers demonstrated a **workflow-level jailbreak** against **GitHub Copilot Chat** that caused harmful answers to be written inside code tasks even when direct chat prompts w...
Workflow-level jailbreak makes GitHub Copilot Chat write harmful answers in code files
Technical AnalysisAbout this happening: Researchers demonstrated a **workflow-level jailbreak** against **GitHub Copilot Chat** that caused harmful answers to be written inside code tasks even when direct chat prompts w...
GitHub Agentic Workflows indirect prompt injection security flaw
Vulnerability
H score27
First: 07.07.2026 17:04
Last: 07.07.2026 17:04
Sources 1
About this happening:
**GitHub Agentic Workflows** has an **indirect prompt injection** flaw that can let a **public issue** leak content from **private repositories** into public comments. The risk is...
GitHub Agentic Workflows indirect prompt injection security flaw
VulnerabilityAbout this happening: **GitHub Agentic Workflows** has an **indirect prompt injection** flaw that can let a **public issue** leak content from **private repositories** into public comments. The risk is...
SKILLCLOAK and SKILLDETONATE expose AI coding-agent skill scanner evasion with runtime-packed malware
Technical Analysis
H score22
First: 06.07.2026 09:33
Last: 06.07.2026 09:33
Sources 1
About this happening:
**SKILLCLOAK** shows that malicious **AI coding-agent skills** can be rewritten to evade static scanners while still executing, exposing **credentials**, **source code**, and term...
SKILLCLOAK and SKILLDETONATE expose AI coding-agent skill scanner evasion with runtime-packed malware
Technical AnalysisAbout this happening: **SKILLCLOAK** shows that malicious **AI coding-agent skills** can be rewritten to evade static scanners while still executing, exposing **credentials**, **source code**, and term...
Timeline
-
06.12.2025 17:24 2 articles · 7mo ago
IDEsaster disclosure of AI IDE vulnerabilities
Initial DisclosureSecurity researcher Ari Marzouk (MaccariTA) disclosed 30+ vulnerabilities in AI-powered IDEs and coding assistants, naming the issue set IDEsaster. The affected tools include Cursor, Windsurf, Kiro.dev, GitHub Copilot, Zed.dev, Roo Code, Junie, and Cline, and 24 of the issues received CVE identifiers. The disclosed attack chains combine prompt injection, auto-approved agent tool calls, and legitimate IDE features to leak sensitive files or achieve remote code execution.
Show sources
- Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks — thehackernews.com — 06.12.2025 17:24
- Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks — thehackernews.com — 06.12.2025 17:24