Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution

https://thehackernews.com/2026/04/google-patches-antigravity-ide-flaw.html

Publish Date: 2026-04-21 06:22:00

Source Domain: thehackernews.com

Ravie Lakshmanan | Apr 21, 2026 | Vulnerability / Artificial Intelligence

Cybersecurity researchers have discovered a vulnerability in Google’s agentic integrated development environment (IDE), Antigravity, that could be exploited to achieve code execution.

The flaw, since patched, combines Antigravity’s permitted file-creation capability with insufficient input sanitization in Antigravity’s native file-searching tool, find_by_name, to bypass the program’s Strict Mode, a restrictive security configuration that limits network access, prevents out-of-workspace writes, and ensures all commands run within a sandbox context.

“By injecting the -X (exec-batch) flag through the Pattern parameter [in the find_by_name tool], an attacker can force fd to execute arbitrary binaries against workspace files,” Pillar Security researcher Dan Lisichkin said in an analysis.

“Combined with Antigravity’s ability to create files as a permitted action, this enables a full attack chain: stage a malicious script, then trigger it through a seemingly legitimate search, all without additional user interaction once the prompt injection lands.”

The attack takes advantage of the fact that the find_by_name tool call is executed before any of the constraints associated with Strict Mode are enforced; it is instead treated as a native tool invocation, which leads to arbitrary code execution. The Pattern parameter is designed to accept a filename search pattern that find_by_name hands to fd for a file and directory search, but it lacks strict validation and passes the input directly to the underlying fd command.

An attacker could, therefore, leverage this behavior to stage a malicious file and inject malicious commands into the Pattern parameter to trigger the execution of the payload.
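The root cause described above is a tool argument that reaches a command-line program without validation, so that input beginning with a dash is parsed as an option. The following added example (not Antigravity's code, and not from Pillar's analysis) shows the defensive pattern for a hypothetical find_by_name-style wrapper around fd: an allowlist check on the pattern, rejection of anything that starts with `-`, and the standard `--` end-of-options separator so the argument parser treats whatever follows as a positional search term. The allowlisted character set and the function names are this example's own assumptions.

```python
import re
import subprocess
from typing import Optional

# Allowlist for a filename search pattern: glob characters plus ordinary
# filename characters. Spaces, quotes, and shell metacharacters are excluded.
# This character set is an assumption made for the example, not Antigravity's.
_PATTERN_RE = re.compile(r"^[A-Za-z0-9_.*?\[\]\-]{1,256}$")


def validate_pattern(pattern: str) -> Optional[str]:
    """Return None if the pattern is acceptable, otherwise a rejection reason."""
    if not pattern:
        return "empty pattern"
    if pattern.startswith("-"):
        # A leading dash is exactly what lets an injected flag such as -X
        # be parsed as an option instead of a search term.
        return "pattern must not start with '-'"
    if not _PATTERN_RE.fullmatch(pattern):
        return "pattern contains characters outside the filename allowlist"
    return None


def build_fd_argv_unsafe(pattern: str, root: str = ".") -> list:
    """The shape of the flaw: tool input is appended to argv unchecked, so
    any input that looks like an fd option is honoured as one. Shown only to
    contrast with the hardened builder below; do not use this form."""
    return ["fd", pattern, root]


def build_fd_argv(pattern: str, root: str = ".") -> list:
    """Hardened construction: validate first, then place '--' before the
    pattern so the option parser treats everything after it as positional."""
    reason = validate_pattern(pattern)
    if reason is not None:
        raise ValueError(f"rejected find_by_name pattern: {reason}")
    return ["fd", "--glob", "--", pattern, root]


def run_search(pattern: str, root: str = ".") -> str:
    """Run fd with the hardened argv. No shell is involved (shell=False),
    so the pattern is never re-parsed by /bin/sh."""
    argv = build_fd_argv(pattern, root)
    result = subprocess.run(argv, capture_output=True, text=True, check=False)
    return result.stdout


if __name__ == "__main__":
    # The unsafe builder lets a dash-prefixed input occupy the option slot.
    print("unsafe argv:", build_fd_argv_unsafe("-X"))
    # The hardened builder refuses it before any process is started.
    try:
        build_fd_argv("-X")
    except ValueError as exc:
        print("hardened builder:", exc)
    print("hardened argv:", build_fd_argv("*.py"))
    try:
        print(run_search("*.py"))
    except FileNotFoundError:
        print("fd is not installed on this machine; argv construction still shown above")
```

The two checks are deliberately redundant: the allowlist and leading-dash test stop bad input at the tool boundary, and `--` protects the call even if a future change loosens the allowlist. Equivalent validation belongs in front of every agent tool that forwards text into a subprocess, not only the search tool.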

“The critical flag here is -X (exec-batch). When passed to fd, this flag executes a specified binary against each matched file,” Pillar explained. “By crafting a Pattern…
