Critical Vulnerabilities in GitHub Copilot, Gemini CLI, Claude, and Other Tools Impact Millions of Users

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer

The software development landscape has been fundamentally altered by AI-driven integrated development environments (IDEs).

Tools like GitHub Copilot, Gemini CLI, and Claude Code have evolved from simple autocompletion engines into autonomous agents capable of executing tasks.

However, this rapid pursuit of productivity has introduced a security gap, as vendors inadvertently expand attack surfaces by integrating these agents directly into legacy IDE architectures not originally designed for such autonomy.

The newly discovered vulnerability class, dubbed “IDEsaster,” exploits the interaction between AI agents and the underlying features of base IDEs like Visual Studio Code and JetBrains.

Unlike traditional vulnerabilities that target a specific tool’s flaw, this attack chain leverages IDE features—such as configuration files and workspace settings—to execute malicious actions.

By manipulating these foundational elements, attackers can bypass standard security boundaries, turning helpful features into vectors for data exfiltration and remote code execution.

Public Attack Chains (Source – MaccariTA)

MaccariTA security analysts identified this alarming trend after extensive research into the security posture of AI coding assistants.

Their investigation revealed that 100% of the tested applications were vulnerable to this new class of attacks.

The fallout is massive, with over 30 separate vulnerabilities reported and 24 CVEs assigned across market-leading products.

The findings prompted immediate security advisories from major vendors, including AWS, highlighting the severity of the threat impacting millions of developers globally.

Remote Code Execution via IDE Settings Overwrite

The most severe manifestation of IDEsaster involves the manipulation of IDE configuration files to achieve Remote Code Execution (RCE).

In this scenario, an attacker employs prompt injection to trick the AI agent into modifying core settings files, such as .vscode/settings.json in Visual Studio Code or .idea/workspace.xml in JetBrains IDEs.

This differs from previous exploits by targeting global IDE settings rather than just agent-specific configurations.

For instance, in Visual Studio Code, an attacker can direct the agent to edit a seemingly harmless file, like a Git hook sample, inserting malicious code.

Vulnerability References

Below is a consolidated table of the vulnerability references and CVEs identified during the research into the “IDEsaster” vulnerability class.

| Product | Vulnerability Type | CVE / Status |
|---|---|---|
| GitHub Copilot | Remote JSON Schema | Fixed (No CVE) |
| GitHub Copilot | IDE Settings Overwrite | CVE-2025-53773 |
| GitHub Copilot | Multi-Root Workspace Settings | CVE-2025-64660 |
| Cursor | Remote JSON Schema | CVE-2025-49150 |
| Cursor | IDE Settings Overwrite | CVE-2025-54130 |
| Cursor | Multi-Root Workspace Settings | CVE-2025-61590 |
| Roo Code | Remote JSON Schema | CVE-2025-53097 |
| Roo Code | IDE Settings Overwrite | CVE-2025-53536 |
| Roo Code | Multi-Root Workspace Settings | CVE-2025-58372 |
| Zed.dev | IDE Settings Overwrite | CVE-2025-55012 |
| JetBrains Junie | Remote JSON Schema | CVE-2025-58335 |
| Kiro.dev | Remote JSON Schema | Fixed (No CVE) |
| Kiro.dev | IDE Settings Overwrite | Fixed (No CVE) |
| Claude Code | Remote JSON Schema | Acknowledged (Warning Added) |
| Claude Code | IDE Settings Overwrite | Acknowledged (Warning Added) |

Subsequently, the agent is instructed to modify the php.validate.executablePath setting to point to this newly created executable.

"php.validate.executablePath": "/absolute/path/to/.git/hooks/pre-commit.sample"

Redefined Threat Model (Source – MaccariTA)

Once this configuration is active, simply creating a PHP file within the project causes the IDE to run the file at the configured path, granting the attacker instant control.

This method effectively weaponizes the IDE’s own validation features against the user.
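A defensive check for the settings-overwrite pattern described above, as an added example that is not from the article or the MaccariTA research: it flags executable-path settings in a workspace settings file that resolve to a file inside the project tree. The key-suffix heuristic, the function names, the `example.tool.executablePath` key and the sample paths are assumptions; POSIX-style paths and strict JSON are assumed.

```python
import json
import posixpath
from pathlib import Path

# Assumption: any setting whose key ends in "executablePath" names a program the
# IDE may launch by itself, as php.validate.executablePath does in the article.
KEY_SUFFIX = "executablepath"

def risky_settings(settings_text, workspace_root):
    """Return (key, value, reason) tuples for executable-path settings that
    resolve to a location inside the workspace (POSIX-style paths assumed)."""
    try:
        settings = json.loads(settings_text)
    except json.JSONDecodeError:
        # VS Code tolerates comments and trailing commas; do not guess, escalate.
        return [("<settings>", "", "not strict JSON, review by hand")]
    if not isinstance(settings, dict):
        return []
    root = posixpath.normpath(workspace_root)
    findings = []
    for key, value in settings.items():
        if not (key.lower().endswith(KEY_SUFFIX) and isinstance(value, str)):
            continue
        # join() keeps absolute values and anchors relative ones at the root;
        # normpath() collapses ".." so a path that climbs out is not a false hit.
        resolved = posixpath.normpath(posixpath.join(root, value))
        if resolved != root and not resolved.startswith(root + "/"):
            continue  # interpreter lives outside the project tree
        parts = resolved[len(root):].split("/")
        reason = ("inside .git/, untracked and invisible in code review"
                  if ".git" in parts else "inside the workspace, writable by the agent")
        findings.append((key, value, reason))
    return findings

def scan_workspace(workspace_root):
    """Check <root>/.vscode/settings.json if it exists."""
    path = Path(workspace_root) / ".vscode" / "settings.json"
    if not path.is_file():
        return []
    return risky_settings(path.read_text(encoding="utf-8"), str(workspace_root))

if __name__ == "__main__":
    # Constructed sample mirroring the setting quoted in the article.
    sample = json.dumps({
        "php.validate.executablePath": "/home/dev/proj/.git/hooks/pre-commit.sample",
        "example.tool.executablePath": "/usr/bin/tool",  # hypothetical key
    })
    for finding in risky_settings(sample, "/home/dev/proj"):
        print(finding)
```

Run as a pre-commit or CI step, a non-empty result is a reason to stop and inspect the settings file before the project is opened or the agent's edits are accepted.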
