Cursor 0day: When Full Disclosure Becomes the Only Protection Left
5 hours ago
- #security
- #vulnerability
- #cursor-ide
- Cursor IDE automatically executes a malicious git.exe from repository root without user interaction, leading to arbitrary code execution.
- Vulnerability identified December 2025, reported multiple times but remains unfixed after over 6 months and 197+ versions, with minimal vendor response.
- Mitigations include AppLocker policies for enterprises and using isolated environments for consumers until patched.
- Proof-of-concept demonstrated with Windows Calculator renamed to git.exe, showing repeated automatic execution.
- Lack of communication from Cursor raises concerns about security processes and accountability in AI-assisted development tools.