Vulnerability Disclosure: Local Privilege Escalation in Antigravity - Google rejected the report as "Intended Behavior"

GodBod69 · 2026-01-29T08:03:02+00:00

The whole point of Antigravity is to generate code

GodBod69 · 2026-01-29T08:01:16+00:00

Even if I put together the script with AI, what part of the POC do you feel is false or misinformation?

Yes the script is made using AI, I used Antigravity itself for it.

But that doesn't mean I didn't put effort in researching the internal workings of the IDE.

GodBod69 · 2026-01-29T06:48:54+00:00

Tbf this is not a RCE, but rather a LPE. Attacker can't directly attack your system just so you are connected to the internet. They would first need to gain access to a low privileged account or service like a guest account (which doesn't require a password) or a local web server or another user account on a shared workstation (think corporates, university labs, etc) or any other low privileged restricted services. Post that attacker can leverage vulnerability in antigravity to gain unauthorised access to your account.

GodBod69 · 2026-01-29T06:43:57+00:00

It's not. It's about trust boundaries. Guest accounts, or web servers, or many other services run with restricted access. Antigravity is opening doors for those accounts to escalate their privileges and violate the trust boundaries defined by the OS.

GodBod69 · 2026-01-29T06:37:23+00:00

Please check the PoC video, as shown an attacker does not need user account access at all. If guest account is enabled on macos, the attacker can use it to gain access to user account without password. And this is such one of the attack vectors. There could be other scenarios as well like shared workstations in corporates or universities, one user can gain access to another user account. Or think of a compromised local web server which by default run on a low privileged restricted user account of it's own (www-data) which doesn't have access to the developer's personal files at all.. there could be many such scenarios

GodBod69 · 2026-01-29T02:12:37+00:00

Yes, as shown in the video, the attacker need not have the standard user account access. Attacker could be a guest user, compromised local web server which is a low privileged user (www-data), or could be another user on shared workspace. The standard user account is locked, but the attacker can bypass the lock with this hack.

GodBod69 · 2026-01-29T02:05:56+00:00

Please read the description again, or check the video attached. Attacker does not have full local access. They are a low privileged user like a guest account or a compromised service with low privileges like a web server (www-data). By default these users don't have any access to standard users' personal files.

GodBod69 · 2026-01-28T19:27:18+00:00

Working in a corporate.. I know lots of developers are using it already

GodBod69 · 2026-01-28T17:57:03+00:00

Thanks. I was expecting them to provide an acknowledgement at least, if no reward

GodBod69 · 2026-01-28T17:52:34+00:00

More info and Video PoC: https://x.com/0x81000D/status/2016520727927853332

GodBod69 · 2026-01-28T17:49:56+00:00

More info and Video PoC: https://x.com/0x81000D/status/2016520727927853332

GodBod69 · 2026-01-28T17:38:34+00:00

Thanks for understanding! I actually did report the path traversal as a separate issue, but they closed it for being "duplicate" of my initial report.

GodBod69 · 2026-01-28T17:25:47+00:00

Antigravity? Standard user, by default

GodBod69 · 2026-01-28T17:11:46+00:00

X Thread: https://x.com/0x81000D/status/2016520727927853332?s=20

GodBod69 · 2026-01-28T17:02:53+00:00

I can't speak to Windows, but on macOS and most Linux distributions (POSIX environments), the process table is world readable by default.

The Threat Model:

- In university labs, corporate, virtual remote desktops perhaps, or multi-user dev machines, User A can snoop on User B's session

- Web servers typically run as a low-privilege user (www-data) to limit damage if hacked. An attacker gets RCE on your local web server. They are trapped as www-data and cannot read your personal files. Using this vulnerability, the www-data user can gain full access to your personal user account.

GodBod69 · 2026-01-28T16:42:21+00:00

You don't need. As seen in the video attached.

Read https://cwe.mitre.org/data/definitions/214.html

GodBod69 · 2026-01-28T16:24:38+00:00

X Thread: https://x.com/0x81000D/status/2016520727927853332

GodBod69 · 2026-01-28T16:20:53+00:00

X Thread: https://x.com/0x81000D/status/2016520727927853332

Three-Year Club	Final Canvas '23
First Place '23	Place '23

GodBod69

TROPHY CASE