A significant security flaw has been identified in Cursor, an AI-driven coding environment, which exposes developer credentials to potential threats. Rated at a high severity level of 8.2 on the CVSS scale, this vulnerability allows any installed extension to access and compromise a developer’s API keys and session tokens without detection.
Unsecured Database and Extensions
LayerX’s discovery reveals that Cursor does not store sensitive secrets securely. Unlike applications that utilize protected keychains, Cursor keeps these credentials in an unprotected SQLite database, specifically located at ~/Library/Application Support/Cursor/User/globalStorage/state.vscdb. Due to the absence of access control boundaries between extensions and this database, any installed extension can easily read its contents.
The vulnerability does not require special privileges, making it accessible to any malicious extension. Attackers can deploy seemingly benign extensions that, once installed by developers, quietly extract sensitive data from the local database without user consent or notification.
Potential Risks of Credential Exposure
The implications of this flaw are severe, especially for developers who rely on third-party AI services. Compromised credentials could give attackers unrestricted access to session tokens and backend services, resulting in unauthorized access to private data and sensitive information. Additionally, attackers could use stolen API keys to cause significant financial losses by triggering automated charges.
Moreover, the breach could lead to the exposure of linked AI accounts with providers like OpenAI, Google, or Anthropic, further extending the potential damage.
Vendor Response and Recommendations
LayerX reported the issue to Cursor on February 1, 2026, and Cursor’s security team acknowledged it on February 5. Despite recognizing the vulnerability, Cursor stated that extensions operate within the same trust boundary as the user, and any local application could potentially access this data. As of April 28, 2026, the vulnerability remains unresolved.
Security experts recommend implementing strict isolation boundaries between extensions and moving credentials to encrypted storage like Windows Credential Manager or macOS Keychain. In the interim, developers are advised to audit their installed extensions and refrain from using unverified tools.
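As a companion to the extension audit recommended above, the following added example (not code from LayerX or Cursor) lets a developer see which entries in their own state.vscdb look like credentials and therefore need review or rotation, reporting only key names and value sizes. It assumes the database uses the VS Code-style `ItemTable(key, value)` layout; the key-name patterns and the sample rows are constructed for illustration.

```python
import os, re, sqlite3, stat
from pathlib import Path

# Path reported in the article (macOS).
DEFAULT_DB = Path.home() / "Library/Application Support/Cursor/User/globalStorage/state.vscdb"
# Assumption: key names hinting at credentials; tune for your own environment.
SUSPECT = re.compile(r"token|secret|api[_-]?key|password|auth|session", re.I)

def audit_state_db(path):
    """Return (warnings, [(key, value_length)]); secret values are never returned."""
    path = Path(path).resolve()
    warnings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # Mode bits only limit other OS users; code running as the same user
    # (including extensions) can still open the file.
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        warnings.append(f"mode {oct(mode)}: readable by group/other users")
    con = sqlite3.connect(path.as_uri() + "?mode=ro", uri=True)  # read-only open
    try:
        # Assumption: VS Code-style schema, a single ItemTable(key, value).
        rows = con.execute("SELECT key, length(value) FROM ItemTable").fetchall()
    finally:
        con.close()
    return warnings, sorted((k, n) for k, n in rows if SUSPECT.search(k))

def build_sample_db(path):
    """Constructed stand-in database; key names and values are made up."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE ItemTable (key TEXT UNIQUE, value BLOB)")
    con.executemany("INSERT INTO ItemTable VALUES (?, ?)", [
        ("workbench.colorTheme", "Dark"),
        ("example/accessToken", "constructed-not-a-real-token"),
        ("example.provider.apiKey", "constructed-key-123"),
    ])
    con.commit()
    con.close()

if __name__ == "__main__":
    if DEFAULT_DB.exists():
        warnings, flagged = audit_state_db(DEFAULT_DB)
        for w in warnings:
            print("WARN", w)
        for key, size in flagged:
            print(f"rotate/review: {key} ({size} bytes stored in state.vscdb)")
    else:
        print("no database at", DEFAULT_DB)
```

Any key it flags points to a credential worth rotating at the provider if an untrusted extension has ever been installed.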
