Google's Antigravity IDE Vulnerability Allows Remote Code Execution via Prompt Injection

Google's Antigravity IDE Vulnerability Allows Remote Code Execution via Prompt Injection

First seen 20 Apr 2026, 21:43 UTC CyberscoopCsoonlineDarkreadingwww.pillar.securitynvd.nist.gov 84% similarity 70.5

Article Content

Browse articles
ThreatCluster

Researchers at Pillar Security discovered a critical prompt injection vulnerability in Google's Antigravity IDE, which allows for remote code execution (RCE) by exploiting insufficient input sanitization in the find_by_name tool's Pattern parameter. This flaw enables attackers to inject command-line flags into the underlying fd utility, effectively converting file operations into arbitrary code execution. The vulnerability circumvents Antigravity's Secure Mode, which is intended to restrict network access and enforce sandboxing of command operations. The issue was reported to Google on January 6, 2026, and was patched on February 28, 2026, with Pillar Security receiving a bounty for their discovery. The vulnerability is particularly concerning as it can be triggered by seemingly benign inputs, making it a significant threat to users relying on the IDE for secure development. This incident highlights the growing risks associated with agentic AI tools and the need for stricter validation of input parameters.

Key Points: • A prompt injection vulnerability in Google's Antigravity IDE allows for remote code execution. • The flaw bypasses the IDE's Secure Mode, which is intended to enforce security controls. • Pillar Security reported the vulnerability in January 2026, and it was patched by February 2026.

ThreatCluster AI

Timeline

2026-01-06
Vulnerability reported to Google by Pillar Security
2026-01-14
CVE-2026-22708 published
2026-02-28
Google patched the vulnerability
2026-04-21
Vulnerability disclosed in multiple cybersecurity articles

Community

Browse all →