Cursor AI Code Editor RCE Vulnerability Enables “autorun” of Malicious Code on your Machine

Posted on September 10, 2025 By CWS

A remote code execution vulnerability has been found in the Cursor AI Code Editor, enabling a malicious code repository to run code on a user’s machine automatically upon opening.

The research team at Oasis Security uncovered the flaw, which bypasses typical user consent prompts by exploiting a default configuration setting in the popular editor.

According to Oasis Security, the core of the vulnerability lies in Cursor shipping with its “Workspace Trust” feature disabled by default. This security setting, present in VS Code, is designed to prevent untrusted code from executing automatically.

With this feature off, an attacker can craft a malicious code repository containing a specially configured .vscode/tasks.json file. By setting the runOptions.runOn parameter to “folderOpen”, any commands within this task file will execute the moment a developer opens the project folder in Cursor.

Cursor AI Code Editor RCE Vulnerability

This turns a seemingly harmless action into silent code execution within the user’s security context, without any warning or prompt for trust. An attacker can leverage this to steal sensitive information, modify local files, or establish a connection to a command-and-control server.

This vulnerability poses a significant risk because developer machines are often treasure troves of high-privilege credentials. Compromising a developer’s laptop can give an attacker immediate access to cloud API keys, Personal Access Tokens (PATs), and active SaaS sessions.

The danger extends beyond the individual machine; with an initial foothold, an attacker can pivot to connected CI/CD pipelines and cloud infrastructure.

This lateral movement is especially concerning because it can lead to the compromise of non-human identities, such as service accounts, which often possess broad and powerful permissions across an organization’s environment. A single booby-trapped repository could initiate a widespread security incident.

Cursor users running the default configuration are directly affected by this vulnerability. In contrast, standard Visual Studio Code users with Workspace Trust enabled are at a lower risk, as the feature blocks automatic task execution until the user explicitly grants trust to the project folder.

In response to the disclosure, Cursor has stated that users can manually enable Workspace Trust and that updated security guidance will be published soon.

Oasis Security has provided immediate hardening recommendations for development teams. Users should enable Workspace Trust in Cursor, require the startup prompt, and consider setting the task.allowAutomaticTasks preference to “off”.

It is also advised to open all unknown repositories in a secure, isolated environment, such as a disposable container or virtual machine, to prevent potential execution.
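
A pre-open check for the mechanism described above, as an added example that is not from Oasis Security or Cursor: it scans a cloned repository for .vscode/tasks.json tasks whose runOptions.runOn is “folderOpen”, tolerating the comments and trailing commas that task files may contain. The function names and the sample task file are constructed for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

_STR = r'"(?:\\.|[^"\\])*"'  # a JSON string literal

def _strip_outside_strings(pattern, text):
    # Delete matches of `pattern`, but leave string literals untouched.
    rx = re.compile(_STR + "|" + pattern, re.S)
    return rx.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", text)

def parse_jsonc(text):
    # tasks.json allows comments and trailing commas, which json.loads rejects.
    text = _strip_outside_strings(r"//[^\n]*|/\*.*?\*/", text)
    return json.loads(_strip_outside_strings(r",(?=\s*[}\]])", text))

def find_autorun_tasks(repo):
    """Return (file, label, command) for each task with runOn == "folderOpen"."""
    hits = []
    for path in sorted(Path(repo).rglob(".vscode/tasks.json")):
        try:
            doc = parse_jsonc(path.read_text(encoding="utf-8", errors="replace"))
        except ValueError:
            hits.append((str(path), "<unparseable, review by hand>", None))
            continue
        tasks = doc.get("tasks") if isinstance(doc, dict) else None
        for task in (t for t in tasks or [] if isinstance(t, dict)):
            opts = task.get("runOptions")
            if isinstance(opts, dict) and opts.get("runOn") == "folderOpen":
                hits.append((str(path), task.get("label"), task.get("command")))
    return hits

# Constructed sample: harmless command, one comment, trailing commas.
SAMPLE = r'''{
  "version": "2.0.0",  // constructed sample
  "tasks": [
    {"label": "build", "type": "shell", "command": "make"},
    {"label": "prep", "type": "shell", "command": "echo sample // not a comment",
     "runOptions": {"runOn": "folderOpen"},},
  ]
}'''

def demo():
    with tempfile.TemporaryDirectory() as root:
        target = Path(root, ".vscode", "tasks.json")
        target.parent.mkdir()
        target.write_text(SAMPLE, encoding="utf-8")
        return [(label, cmd) for _, label, cmd in find_autorun_tasks(root)]
```

Any hit is a task that would start without interaction when the folder is opened with Workspace Trust disabled, so its command should be reviewed before the repository is opened in the editor.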
