Cursor IDE Vulnerability Allows Malicious Code Execution via Poisoned Repositories

Cursor IDE Vulnerability Allows Malicious Code Execution via Poisoned Repositories

First seen 14 Jul 2026, 19:58 UTC Darkreadingmindgard.aiFeeds.Feedburnerwww.techtarget.com 89% similarity 69.8

Article Content

Browse articles
ThreatCluster

A critical vulnerability in the Cursor IDE allows for the automatic execution of malicious binaries when developers open projects containing a poisoned 'git.exe' file. Discovered by Mindgard on December 15, 2025, the flaw remains unaddressed despite multiple disclosures to Cursor. The vulnerability affects over 7 million active users and can be exploited effortlessly, granting attackers code execution with the developer's privileges. Users are advised to open untrusted repositories only in isolated environments until a patch is released. Mindgard's attempts to engage with Cursor have been met with silence, prompting a public disclosure of the vulnerability. The lack of response from Cursor raises significant concerns about user safety and security practices.

Key Points: • Cursor IDE vulnerability allows execution of malicious binaries from poisoned repositories. • Over 7 million users are at risk due to the unaddressed vulnerability reported since December 2025. • Users are advised to isolate untrusted repositories until a fix is implemented.

ThreatCluster AI

Timeline

2025-12-15
Vulnerability discovered and reported to Cursor
Mindgard identified a critical flaw allowing execution of malicious binaries and reported it to Cursor.
mindgard.ai
2026-07-14
Public disclosure of vulnerability details
After months of silence from Cursor, Mindgard released full details of the vulnerability to inform users.
Darkreading
2026-07-14
Cursor's lack of response noted
Despite multiple attempts to engage with Cursor, Mindgard reported no acknowledgment or resolution from the company.
mindgard.ai

Community

Browse all →