Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution

Summary

A critical flaw has been discovered in the Cursor code editor that allows malicious cloned repositories to execute arbitrary code on Windows. If a repository contains a file named 'git.exe' in its root directory, Cursor will automatically run it without any user interaction, potentially exposing sensitive data and credentials.

IFF Assessment

FOE

This vulnerability allows attackers to execute arbitrary code on a user's machine, posing a significant threat to defenders.

Severity

9.0 Critical (AI Estimated)

This vulnerability has a high attack vector (local file inclusion) and a high impact, allowing for complete system compromise and data exfiltration without user interaction.

Defender Context

This vulnerability highlights the risks associated with opening untrusted code repositories, especially in developer tools. Defenders should be wary of code execution vulnerabilities in IDEs and educate users on the importance of verifying the source of code before opening projects. Monitoring for unauthorized 'git.exe' execution or unusual process behavior within development environments could be a valuable detection strategy.

Read Full Story →