CVE Tools
Back to feed
The Hacker News ·EN News source ResearchCursor IDE

Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution

By The Hacker News··6 min read
CVE Tools coverage

A critical vulnerability in the Cursor IDE allows attackers to execute arbitrary code on Windows systems by placing a malicious git.exe file in the root of a cloned repository. When opened, Cursor automatically executes this file without any user interaction or warnings, potentially leading to full system compromise. The flaw was reported to Cursor in December 2025 but remains unpatched as of July 2026. Multiple other vendors have faced similar issues, with some dismissing the risk entirely. Users are advised to use workarounds such as AppLocker rules or virtual machines until a fix is available.