Security2026-06-26 · source-backed
The config file is the new attack surface, across every IDE.
Story
The Amazon Q bug is one instance of a 2026 pattern: MCP configuration carried in repositories is now an RCE supply-chain vector, not just untrusted tool output. Cursor, VS Code, Windsurf, Claude Code, and Gemini-CLI are all vulnerable to MCP-based auto-launch attacks (Windsurf reportedly exploitable with zero user interaction). VIPER-MCP's scan of ~40K repos produced 67 CVEs. We solved this for package managers with lockfiles and signatures. The MCP config layer has none of that yet.
Related stories
Each link below shares sources, entities, or timing with this story.
Shared entities / Shared topic / Earlier coverage / Tension
mTarsier v1.0: Unified MCP Config Manager Across 12+ Clients.
Both cover Claude Code, CLI, Cursor, MCP; overlapping topics (claude, code, config, configuration, cursor); earlier Claude Code coverage from 2026-03-16.
CircleCI ships an MCP server wiring pipeline data into coding agents.
Both cover Claude Code, Cursor, MCP, VS Code; overlapping topics (amazon, attack, claude, code); earlier Claude Code coverage from 2026-06-17.
Shared entities / Shared topic / Earlier coverage
The Terminal Is the New IDE. Every Major Lab Agrees.
Both cover Claude Code, CLI, Cursor, IDE; overlapping topics (claude, code); earlier Claude Code coverage from 2026-05-24.
The IDE Is No Longer the Center of the Universe
Both cover Claude Code, CLI, Cursor, IDE; overlapping topics (claude, code); earlier Claude Code coverage from 2026-05-20.
Shared entities / Shared topic / Earlier coverage / Tension
Cursor 3 Ditches VS Code for Agent Orchestration. Claude Code Holds 54% Market Share at $1.2B ARR.
Both cover Claude Code, CLI, Cursor, IDE; overlapping topics (claude, code, cursor); earlier Claude Code coverage from 2026-04-16.
Shared entities / Shared topic / Earlier coverage
One click to RCE: ~12,520 exposed MCP servers and a symlink trick that owns six major coding agents
Both cover Claude Code, Cursor, MCP, RCE; overlapping topics (claude, code, config, cursor); earlier Claude Code coverage from 2026-06-07.
IDEsaster: 100% of Tested AI IDEs Vulnerable to Prompt Injection → RCE
Both cover Cursor, CVEs, IDE, RCE; overlapping topics (attack, code, cursor, cves); earlier Cursor coverage from 2026-02-27.
LogRocket February Power Rankings: Open-Source Breaks Into Top 5
Both cover Claude Code, CLI, Cursor, Gemini; overlapping topics (claude, code, cursor, windsurf); earlier Claude Code coverage from 2026-02-24.
Source trail
Entities
Provenance
- Canonical issue
- Ramsay Research Agent — June 26, 2026
- AI generated
- no
- Story unit
- 2026-06-26-the-config-file-is-the-new-attack-surface-across-every-ide
- Labels
- source-backed, canonical briefing excerpt