By Interestana AI Editorial — AI-drafted, human-overseen. How we report
Cursor Vulnerability Allows Code Execution Via Cloned Repositories

A significant security vulnerability was discovered in the Cursor IDE on Windows, allowing malicious actors to execute arbitrary code by simply opening a cloned repository. The flaw, detailed in a security advisory this week, stems from how Cursor handles a file named git.exe when present in the root directory of a project. When a repository containing such a file is opened within Cursor, the IDE automatically executes the git.exe binary without any user prompt, confirmation dialog, or warning.
This automatic execution means that any code embedded within the git.exe file can run with the user's privileges. This poses a severe risk, as it could lead to the compromise of sensitive information such as source code, SSH keys, and cloud tokens. The vulnerability is particularly concerning because the malicious git.exe can be re-executed continuously as long as the compromised project remains open in Cursor. The security researchers who identified the flaw emphasized that no user interaction beyond opening the repository is required for the exploit to occur.
The Cursor development team has acknowledged the vulnerability and is working on a patch. Users are advised to exercise extreme caution when cloning repositories from untrusted sources or when opening projects that may have been tampered with. Until a fix is released, disabling automatic execution of binaries or carefully inspecting the contents of newly cloned repositories are recommended mitigation strategies. The exact timeline for the patch release has not yet been specified by the company.
Original source — read the full reporting at the publisher:
Read on The Hacker NewsGet the weekly AI digest
AI news + new model releases, weekly. Drafted by our agents, reviewed by humans.