Cursor IDE Vulnerability Allows RCE via Malicious Git Repositories

Cursor IDE Vulnerability Allows RCE via Malicious Git Repositories

First seen 29 Apr 2026, 13:01 UTC CsoonlineGbhackersCybersecuritynews 78% similarity 74.0

Article Content

Browse articles
ThreatCluster

A critical vulnerability in the Cursor IDE, tracked as CVE-2026-26268, has been disclosed, allowing arbitrary code execution (RCE) on developers' machines. The flaw arises from the interaction between Cursor's AI agent and standard Git features, enabling attackers to execute malicious code when a developer clones a compromised repository. Specifically, the vulnerability exploits Git hooks and bare repositories, where an attacker can embed harmful scripts that execute during routine Git operations. The issue affects Cursor versions prior to 2.5 and has been rated with a severity score of 9.9 out of 10 by the NVD. As of now, there are no reports of in-the-wild exploitation, and a patch has been released by Cursor. Security experts warn that the expanded capabilities of AI-driven IDEs increase the risk of such vulnerabilities. Developers are advised to update their Cursor IDE to the latest version to mitigate this risk.

Key Points: • CVE-2026-26268 allows RCE through malicious Git repository interactions. • The vulnerability affects Cursor IDE versions prior to 2.5 and has a severity score of 9.9. • A patch has been released, but there are currently no known exploitations in the wild.

ThreatCluster AI

Timeline

2026-02-13
CVE-2026-26268 published
2026-04-28
CSOonline article published detailing the vulnerability
2026-04-29
Cybersecuritynews article published on the vulnerability

Community

Browse all →