05

Paper documents 30+ prompt-injection CVEs across AI coding IDEs

verifiedDeveloperLegal

Monday, July 13, 2026

Confidence

High · — peer-published paper with named CVEs and reproducible chain

Evidence

arXiv systematic analysis + OWASP + Vectra AI writeup

A systematic arXiv analysis of agentic coding assistants catalogs the CVEs disclosed against Copilot, Cursor, Claude Code, Windsurf and others — including a working GitHub Copilot privilege-escalation chain.
  • The paper details CVE-2025-53773, a Copilot RCE where a code-comment injection writes `chat.tools.autoApprove: true` into VS Code settings, silencing future tool calls.
  • Rehberger's disclosures covered Devin, Cursor (CVE-2025-54132), Copilot, Claude Code (CVE-2025-55284) and Google Jules — same vector: plant instructions in a file the agent reads.

Sources

Apply this today

The hands-on layer the brief points to: a workflow you can run, a tool to test, and today’s 60-second video.

Get the next one in your inbox

One daily brief. Every story gets a hype verdict.

No spam. Unsubscribe anytime.