A significant security vulnerability has been identified in Cursor, an AI-powered code editor used by over seven million developers worldwide. This flaw allows malicious actors to execute arbitrary code on Windows systems without requiring any user interaction, merely by opening a compromised Git repository.
Discovery and Reporting of the Flaw
The vulnerability was uncovered by the cybersecurity firm Mindgard on December 15, 2025. It was promptly reported to Cursor’s security team on the same day. Despite nearly 200 version updates since the initial discovery, the issue persists in the latest software release, leading Mindgard to publicly disclose the flaw after receiving no substantial response from the vendor over a seven-month period.
Technical Details of the Vulnerability
This security issue arises from Cursor’s method of resolving Git binaries when loading development projects. If an attacker plants a malicious file named git.exe in the workspace root, Cursor automatically executes this file as part of its normal operations, without prompting the user or providing any warnings. Mindgard’s report highlights this automatic execution flaw, demonstrated through a proof-of-concept using a renamed Windows Calculator executable.
The execution of the malicious binary occurs repeatedly whenever the project directory is opened in Cursor, as confirmed by Sysinternals Process Monitor logs. This vulnerability could be exploited in real-world scenarios to deploy harmful payloads such as ransomware or credential-stealing software.
Industry Response and Mitigation Strategies
Mindgard’s attempts to follow industry-standard coordinated disclosure practices included repeated communications with Cursor via various channels, including LinkedIn and HackerOne. An initial response from Cursor’s Chief Information Security Officer attributed the delay to a technical error. Despite this, the issue remained unresolved as new software versions continued to be released.
In the absence of an official patch, organizations must implement alternative security measures to protect their systems. Recommended strategies include deploying path-based deny rules through tools like AppLocker and integrating Endpoint Detection and Response (EDR) solutions to monitor for unauthorized activities associated with Cursor.exe.
Precautions for Developers and Organizations
Developers are advised to exercise caution by isolating untrusted repositories in virtual machines or sandbox environments until a fix is provided. Furthermore, active process monitoring should be conducted to identify any unauthorized child processes that may indicate exploitation attempts.
This ongoing vulnerability highlights the critical need for robust security practices surrounding third-party scripts and applications within development environments. Until a formal solution is provided, vigilance and proactive security configurations remain essential.
