VulnerabilitiesApr 21, 2026
Google Fixes Critical RCE Flaw in AI-Based Antigravity Tool
Google patches critical RCE vulnerability in AI antigravity filesystem tool via prompt injection.
Summary
Google has fixed a critical remote code execution flaw in its agentic AI product designed for filesystem operations. The vulnerability stemmed from inadequate input sanitization in prompt handling, allowing attackers to escape the sandbox and achieve arbitrary code execution through prompt injection attacks.
Entities
Google (vendor)Antigravity (product)Prompt injection (technology)