Cybersecurity News • 1h
Mozilla 0DIN: Exploiting Claude Code, Cursor, Gemini CLI, and CVE-2026-47729 Squidbleed
The Mozilla 0DIN research group has identified a critical vulnerability in agentic AI coding tools, including Claude Code, Cursor, and Gemini CLI, where malicious intent is realized at runtime rather than through static code. By weaponizing the "automated error-recovery" behavior, attackers use seemingly benign repositories to trigger error states that prompt the AI to execute terminal commands. These commands facilitate out-of-band (OOB) payload delivery via DNS TXT records, which can subsequently exploit CVE-2026-47729 (Squidbleed)—a heap over-read in the Squid Web Proxy—or establish direct reverse shells on developer workstations and CI/CD runners, effectively bypassing SAST, secret scanners, and human code review.