
Cursor Vulnerability Allows API Key Theft via Rogue Extensions

Severity: High (Score: 69.0)

Sources: Infosecurity-Magazine, Gbhackers, Cybersecuritynews, layerxsecurity.com

Summary

A high-severity vulnerability in the Cursor AI development tool enables any installed extension to access sensitive API keys and session tokens without user interaction. Discovered by LayerX, the flaw has a CVSS score of 8.2 and stems from Cursor's use of an unprotected local SQLite database for storing credentials. As a result, any extension, regardless of permissions, can directly query this database, leading to potential credential theft and unauthorized access to third-party services. LayerX reported the issue to Cursor, which acknowledged it but stated that users must define their own trust boundaries. As of April 28, 2026, the vulnerability remains unpatched, posing significant risks to developers using Cursor. Malicious extensions can be disguised as harmless tools, making detection challenging. The implications extend beyond Cursor, potentially affecting services like OpenAI and Google.

Key Points:

  • Cursor's vulnerability allows any extension to access sensitive API keys and session tokens.
  • The flaw has a CVSS score of 8.2 and remains unpatched as of April 28, 2026.
  • Malicious extensions can extract credentials without user interaction, increasing the risk of data theft.

Key Entities

  • Data Breach (attack_type)
  • Cursor (company)
  • LayerX (company)
  • Anthropic (company)
  • Google (company)
  • OpenAI (company)
  • CWE-200 - Exposure of Sensitive Information (cwe)
  • CWE-862 - Missing Authorization (cwe)
  • T1003 - OS Credential Dumping (mitre_attack)
  • T1041 - Exfiltration Over C2 Channel (mitre_attack)
  • T1567.002 - Exfiltration to Cloud Storage (mitre_attack)
  • CursorJacking (vulnerability)