← The Wire

Security2026-06-26 · source-backed

The config file is the new attack surface, across every IDE.

Confidence
source-backed
Sources
1
Redaction
passed

Story

The Amazon Q bug is one instance of a 2026 pattern: MCP configuration carried in repositories is now an RCE supply-chain vector, not just untrusted tool output. Cursor, VS Code, Windsurf, Claude Code, and Gemini-CLI are all vulnerable to MCP-based auto-launch attacks (Windsurf reportedly exploitable with zero user interaction). VIPER-MCP's scan of ~40K repos produced 67 CVEs. We solved this for package managers with lockfiles and signatures. The MCP config layer has none of that yet.

Related stories

Each link below shares sources, entities, or timing with this story.

  1. Shared entities / Shared topic / Earlier coverage / Tension

    mTarsier v1.0: Unified MCP Config Manager Across 12+ Clients.

    Both cover Claude Code, CLI, Cursor, MCP; overlapping topics (claude, code, config, configuration, cursor); earlier Claude Code coverage from 2026-03-16.

  2. CircleCI ships an MCP server wiring pipeline data into coding agents.

    Both cover Claude Code, Cursor, MCP, VS Code; overlapping topics (amazon, attack, claude, code); earlier Claude Code coverage from 2026-06-17.

  3. Shared entities / Shared topic / Earlier coverage

    The Terminal Is the New IDE. Every Major Lab Agrees.

    Both cover Claude Code, CLI, Cursor, IDE; overlapping topics (claude, code); earlier Claude Code coverage from 2026-05-24.

  4. The IDE Is No Longer the Center of the Universe

    Both cover Claude Code, CLI, Cursor, IDE; overlapping topics (claude, code); earlier Claude Code coverage from 2026-05-20.

  5. Shared entities / Shared topic / Earlier coverage / Tension

    Cursor 3 Ditches VS Code for Agent Orchestration. Claude Code Holds 54% Market Share at $1.2B ARR.

    Both cover Claude Code, CLI, Cursor, IDE; overlapping topics (claude, code, cursor); earlier Claude Code coverage from 2026-04-16.

  6. Shared entities / Shared topic / Earlier coverage

    One click to RCE: ~12,520 exposed MCP servers and a symlink trick that owns six major coding agents

    Both cover Claude Code, Cursor, MCP, RCE; overlapping topics (claude, code, config, cursor); earlier Claude Code coverage from 2026-06-07.

  7. IDEsaster: 100% of Tested AI IDEs Vulnerable to Prompt Injection → RCE

    Both cover Cursor, CVEs, IDE, RCE; overlapping topics (attack, code, cursor, cves); earlier Cursor coverage from 2026-02-27.

  8. LogRocket February Power Rankings: Open-Source Breaks Into Top 5

    Both cover Claude Code, CLI, Cursor, Gemini; overlapping topics (claude, code, cursor, windsurf); earlier Claude Code coverage from 2026-02-24.

Source trail

Entities

Provenance

AI generated
no
Story unit
2026-06-26-the-config-file-is-the-new-attack-surface-across-every-ide
Labels
source-backed, canonical briefing excerpt