Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Critical Vulnerability in Cursor Allows Windows Code Execution

Critical Vulnerability in Cursor Allows Windows Code Execution

Posted on July 15, 2026 By CWS

The AI security company Mindgard has identified a serious vulnerability in the Cursor application for Windows, which allows for arbitrary code execution. This flaw was reported to Cursor on December 15, 2025, but remains unpatched. The exploit occurs when a file named git.exe is present in the root of a cloned repository, which Cursor executes without any user interaction or warnings.

Details of the Vulnerability

The vulnerability arises from Cursor’s search mechanism for Git binaries when loading a project. If a binary named git.exe exists in the project root, Cursor will execute it, granting the binary access to the user’s resources and credentials. This flaw allows attackers to execute code with the same permissions as the logged-in user, simply by opening a maliciously crafted repository.

Mindgard demonstrated this vulnerability using a proof of concept where they renamed the Windows Calculator to git.exe and added it to a repository’s root. Upon opening the repository in Cursor, the calculator was executed repeatedly, highlighting the ease of exploitation.

Response and Mitigation

Despite the severity of the issue, Cursor has yet to release a fix, and no advisory has been published. Mindgard suggests several workarounds, such as using AppLocker or Windows App Control to block the execution of suspicious binaries within workspace roots. Additionally, they recommend developers use disposable VMs or Windows Sandbox for opening untrusted repositories to mitigate potential risks.

Cursor’s initial response to Mindgard’s report was delayed, and subsequent correspondence showed little progress toward resolving the issue. This has led Mindgard to disclose the vulnerability publicly after exhausting other options.

Impact on Other Platforms

This vulnerability is not unique to Cursor. Similar issues have been identified in other AI tools like GitHub Copilot CLI, Gemini CLI, and Codex desktop app. These applications also execute binaries from the current working directory before checking trusted system paths. However, no patches have been issued by these vendors either.

In contrast, AWS addressed a related issue in its Kiro tool by patching a separate file-write vulnerability, demonstrating that some vendors are taking steps to improve security.

Conclusion and Outlook

This vulnerability highlights a significant security gap in how some development tools handle executable files within repositories. As cloning repositories is a common practice among developers, the potential for exploitation is high. Until a patch is released, developers are advised to treat cloned repositories as potentially harmful content and apply recommended workarounds to protect their systems.

The Hacker News Tags:AI tools, AWS, code execution, Cursor, Cybersecurity, GitHub, Mindgard, OpenAI, repository cloning, security flaw, software patch, Vulnerability, Windows

Post navigation

Previous Post: Chinese Hackers Use AI Tools in Sophisticated Cyberattacks
Next Post: US Indicts Russians for Cybercrime Operations

Related Posts

Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper The Hacker News
Security Flaw in Vertex AI Risks Google Cloud Data Security Flaw in Vertex AI Risks Google Cloud Data The Hacker News
Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers The Hacker News
New n8n Vulnerability (9.9 CVSS) Lets Authenticated Users Execute System Commands New n8n Vulnerability (9.9 CVSS) Lets Authenticated Users Execute System Commands The Hacker News
Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More The Hacker News
U.S. Treasury Lifts Sanctions on Three Individuals Linked to Intellexa and Predator Spyware U.S. Treasury Lifts Sanctions on Three Individuals Linked to Intellexa and Predator Spyware The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Malicious Game Cheats Give Hackers Remote Access to PCs
  • Cloud & Data Security Summit: Key Insights Today
  • AI Challenges SASE Security: New Strategies Needed
  • Chrome 150 Update Fixes Critical Security Flaws
  • US Indicts Russians for Cybercrime Operations

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Malicious Game Cheats Give Hackers Remote Access to PCs
  • Cloud & Data Security Summit: Key Insights Today
  • AI Challenges SASE Security: New Strategies Needed
  • Chrome 150 Update Fixes Critical Security Flaws
  • US Indicts Russians for Cybercrime Operations

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark