Vulnerability in Google's Antigravity Allows Remote Code Execution via Prompt Injection

Severity: High (Score: 70.5)

Sources: Cyberscoop, www.pillar.security

Summary

Pillar Security researchers have identified a critical vulnerability in Google's Antigravity IDE that allows attackers to achieve remote code execution (RCE) through prompt injection. The flaw arises from insufficient input sanitization of the 'find_by_name' tool's Pattern parameter, which is passed straight to the underlying 'fd' command without validation. This vulnerability bypasses Antigravity's Secure Mode, which is intended to restrict network access and sandbox command operations. The exploit enables attackers to inject command-line flags, including the dangerous '-X' flag, allowing execution of arbitrary commands. The vulnerability was reported to Google on January 6, 2026, and was patched on February 28, 2026. This incident highlights a broader trend of similar vulnerabilities in agentic IDEs, emphasizing the need for stricter input validation. Organizations using Antigravity should ensure they have applied the latest patches to mitigate this risk.

Key Points:

  • A critical vulnerability in Google's Antigravity IDE allows for remote code execution.
  • The flaw exploits insufficient input sanitization in the 'find_by_name' tool.
  • The vulnerability has been patched, but organizations must ensure updates are applied.
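The defect class described above, as an added illustration that is not Antigravity's code or Pillar Security's proof of concept: a constructed tool wrapper in which a caller-controlled pattern reaches fd's argv unchanged, beside a hardened version that ends option parsing with '--', refuses option-looking patterns, and keeps the search directory inside the workspace. The function names and the workspace path are assumptions.

```python
from __future__ import annotations

import subprocess
from pathlib import Path


# Constructed naive wrapper: the Pattern parameter becomes an argv element with
# no validation, so a pattern beginning with '-' is read by fd as an option
# instead of a search term (the defect class the summary describes).
def build_fd_argv_naive(pattern: str, search_dir: str) -> list[str]:
    return ["fd", pattern, search_dir]


def pattern_rejection_reason(pattern: str) -> str | None:
    """Return why a pattern is refused, or None if it may be handed to fd."""
    if not pattern or "\x00" in pattern:
        return "empty or NUL-containing pattern"
    if pattern.startswith("-"):
        return "pattern looks like a command-line option"
    return None


def is_within_workspace(search_dir: str, workspace: str | Path) -> bool:
    """True when search_dir resolves to the workspace or a directory under it."""
    root = Path(workspace).resolve()
    target = (root / search_dir).resolve()
    return target == root or root in target.parents


def build_fd_argv_hardened(pattern: str, search_dir: str, workspace: str | Path) -> list[str]:
    reason = pattern_rejection_reason(pattern)
    if reason is not None:
        raise ValueError(reason)
    if not is_within_workspace(search_dir, workspace):
        raise ValueError("search directory escapes the workspace")
    target = (Path(workspace).resolve() / search_dir).resolve()
    # '--' ends option parsing: everything after it is positional, so even a
    # pattern that slipped past the check above cannot become a flag.
    return ["fd", "--glob", "--", pattern, str(target)]


def find_by_name(pattern: str, search_dir: str, workspace: str | Path) -> list[str]:
    """Run fd with a fixed argv and no shell, returning matched paths."""
    argv = build_fd_argv_hardened(pattern, search_dir, workspace)
    proc = subprocess.run(argv, capture_output=True, text=True, check=False)
    return proc.stdout.splitlines()


if __name__ == "__main__":
    print(build_fd_argv_naive("-X", "."))  # the flag lands in argv[1]
    print(build_fd_argv_hardened("*.py", "src", "/workspace_example"))
```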

Key Entities

  • Command Injection (attack_type)
  • Google (company)
  • Cursor (company)
  • CVE-2026-22708 (cve)
  • CWE-78 - OS Command Injection (cwe)
  • T1059.004 - Unix Shell (mitre_attack)
  • T1059 - Command and Scripting Interpreter (mitre_attack)
  • Antigravity (platform)
  • Fd (tool)