Critical Cursor bug could turn routine Git into RCE
Summary
A critical vulnerability in the Cursor IDE allowed for Remote Code Execution (RCE) by exploiting a feature interaction in Git. Attackers could embed malicious Git hooks within a repository, which Cursor's AI agent would then execute during routine operations, leading to code execution on the developer's machine. The vulnerability has since been patched by Cursor.
IFF Assessment
This vulnerability represents a significant risk to developers, as it allows for arbitrary code execution through seemingly routine actions within an IDE that integrates AI features.
Severity
The vulnerability allows for remote code execution via an attack vector that requires user interaction (cloning a malicious repo). The impact is high, as it can lead to complete system compromise. The exploitability is moderate, as it relies on specific Git features and AI agent interaction.
Defender Context
This incident highlights the increased attack surface introduced by AI-powered development tools. Defenders should be aware of how AI agents interact with underlying system functionalities and be vigilant about the security of code repositories and IDE configurations. Organizations should ensure that their developers are using patched versions of IDEs and are educated on the risks associated with interacting with untrusted code.