More than 30 vulnerabilities discovered in IDEs with AI that allow data theft and RCE
A recent investigation has revealed more than 30 security vulnerabilities in several Integrated Development Environments (IDEs) powered by artificial intelligence (AI). These flaws, collectively called “IDEsaster”, combine prompt injection primitives with legitimate IDE features to achieve data exfiltration and remote code execution (RCE). Security researcher Ari Marzouk (MaccariTA) discovered that the vulnerabilities affect popular IDEs and extensions such as Cursor, Windsurf, Kiro.dev, GitHub Copilot, Zed.dev, Roo Code, Junie and Cline, among others. Of these, 24 vulnerabilities have been given CVE identifiers. ...