Cursor IDE Vulnerability Allows RCE via Malicious Git Repositories

Severity: High (Score: 74.0)

Sources: Csoonline, Cybersecuritynews

Summary

A critical vulnerability in the Cursor IDE, tracked as CVE-2026-26268, has been disclosed, allowing arbitrary code execution (RCE) on developers' machines. The flaw arises from the interaction between Cursor's AI agent and standard Git features, enabling attackers to execute malicious code when a developer clones a compromised repository. Specifically, the vulnerability exploits Git hooks and bare repositories, where an attacker can embed harmful scripts that execute during routine Git operations. The issue affects Cursor versions prior to 2.5 and has been rated with a severity score of 9.9 out of 10 by the NVD. As of now, there are no reports of in-the-wild exploitation, and a patch has been released by Cursor. Security experts warn that the expanded capabilities of AI-driven IDEs increase the risk of such vulnerabilities. Developers are advised to update their Cursor IDE to the latest version to mitigate this risk.

Key Points:

  • CVE-2026-26268 allows RCE through malicious Git repository interactions.
  • The vulnerability affects Cursor IDE versions prior to 2.5 and has a severity score of 9.9.
  • A patch has been released, but there are currently no known exploitations in the wild.
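A check a defender could run over a freshly cloned working tree before opening it in an agent-driven IDE, added here as an example and not taken from Cursor or the cited sources: it flags nested directories shaped like Git repositories and lists any non-template hook files inside them. The directory-shape heuristic (HEAD, objects/, refs/), the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

def looks_like_bare_repo(path):
    """Heuristic (assumption): a Git directory has HEAD plus objects/ and refs/."""
    return (os.path.isfile(os.path.join(path, "HEAD"))
            and os.path.isdir(os.path.join(path, "objects"))
            and os.path.isdir(os.path.join(path, "refs")))

def active_hooks(git_dir):
    """Hook files present in hooks/ that are not *.sample templates."""
    hooks_dir = os.path.join(git_dir, "hooks")
    if not os.path.isdir(hooks_dir):
        return []
    return sorted(n for n in os.listdir(hooks_dir)
                  if not n.endswith(".sample")
                  and os.path.isfile(os.path.join(hooks_dir, n)))

def find_embedded_bare_repos(worktree):
    """Return [(relative_path, [hook names])] for Git directories nested in a checkout."""
    top_git = os.path.abspath(os.path.join(worktree, ".git"))
    findings = []
    for dirpath, dirnames, _ in os.walk(worktree):
        if os.path.abspath(dirpath) == top_git:
            dirnames[:] = []  # the checkout's own .git is expected; skip it
            continue
        if dirpath != worktree and looks_like_bare_repo(dirpath):
            findings.append((os.path.relpath(dirpath, worktree), active_hooks(dirpath)))
            dirnames[:] = []  # do not descend into the embedded repository
    return sorted(findings)

def build_sample(root):
    """Constructed sample checkout: a normal src/ dir and one embedded bare repo."""
    os.makedirs(os.path.join(root, ".git", "hooks"))
    os.makedirs(os.path.join(root, "src"))
    bare = os.path.join(root, "vendor", "cache")
    for sub in ("objects", "refs", "hooks"):
        os.makedirs(os.path.join(bare, sub))
    for name, body in (("HEAD", "ref: refs/heads/main\n"),
                       ("hooks/pre-commit", "#!/bin/sh\n# harmless placeholder\n"),
                       ("hooks/pre-push.sample", "#!/bin/sh\n")):
        with open(os.path.join(bare, name), "w") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, hooks in find_embedded_bare_repos(build_sample(tmp)):
            print(f"embedded Git directory: {path}  active hooks: {hooks}")
```

Git's `safe.bareRepository=explicit` setting, which makes Git ignore bare repositories it was not pointed at with `--git-dir` or `GIT_DIR`, is a complementary control alongside updating Cursor.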

Key Entities

  • Cursor (company)
  • CVE-2026-26268 (cve)
  • T1059 - Command and Scripting Interpreter (mitre_attack)
  • Cursor IDE (platform)
  • Git (tool)
  • Git Hooks (tool)