{"id":16757,"date":"2026-07-15T22:14:29","date_gmt":"2026-07-15T22:14:29","guid":{"rendered":"https:\/\/techtrendfeed.com\/?p=16757"},"modified":"2026-07-15T22:14:29","modified_gmt":"2026-07-15T22:14:29","slug":"unpatched-cursor-vulnerability-exposes-customers-to-code-execution","status":"publish","type":"post","link":"https:\/\/techtrendfeed.com\/?p=16757","title":{"rendered":"Unpatched Cursor Vulnerability Exposes Customers to Code Execution"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p class=\"wp-block-paragraph\"><strong>An unpatched vulnerability in Cursor on Home windows may be triggered for code execution when a developer opens a repository within the software, Mindgard studies.<\/strong><\/p>\n<p class=\"wp-block-paragraph\">Cursor is without doubt one of the hottest AI-assisted growth environments, with greater than 7 million lively customers.<\/p>\n<p class=\"wp-block-paragraph\">The safety defect, Mindgard says, is easy: when opening a repository, Cursor would robotically execute a malicious git.exe binary within the mission\u2019s root with out warning the consumer or asking for approval.<\/p>\n<p class=\"wp-block-paragraph\">\u201cThe vulnerability shouldn&#8217;t be theoretical and doesn&#8217;t rely on a fancy chain of exploitation, immediate injection, mannequin manipulation, jailbreaks, reminiscence corruption, or subtle attacker tradecraft. Exploitation merely requires a developer to open a mission containing a git.exe binary within the repository on the root,\u201d Mindgard says.<\/p>\n<p class=\"wp-block-paragraph\">In response to Mindgard, the problem exists as a result of, when loading a mission, Cursor appears to be like for Git binaries in a number of places, together with the workspace itself.<\/p>\n<p class=\"wp-block-paragraph\">\u201cIf an attacker planted a malicious git.exe within the repository root, Cursor will execute it robotically as a part of its path decision logic with out warning, approval, and even a sign that executable content material from the repository is about to run,\u201d Mindgard explains.<\/p>\n<div class=\"zox-post-ad-wrap\"><span class=\"zox-ad-label\">Commercial. Scroll to proceed studying.<\/span><\/div>\n<p class=\"wp-block-paragraph\">Mindgard has disclosed the vulnerability publicly after reporting it to Cursor on December 15, 2025, and receiving no response concerning a possible patch for seven months.<\/p>\n<p class=\"wp-block-paragraph\">The corporate says Cursor\u2019s CISO invited Mindgard to its bug bounty program on HackerOne in January, the place the safety defect was resubmitted and confirmed as reproducible, nevertheless it has not obtained a response from Cursor.<\/p>\n<p class=\"wp-block-paragraph\">\u201cHowever coordinated disclosure solely works when there may be coordination. Seven months after preliminary disclosure, we now have no indication that customers are being protected, that remediation is underway, or that affected organizations have been knowledgeable. And at this level, withholding data now not serves customers; it serves silence,\u201d Mindgard <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/mindgard.ai\/blog\/cursor-0day-when-full-disclosure-becomes-the-only-protection-left\">notes<\/a>.<\/p>\n<p class=\"wp-block-paragraph\"><em>SecurityWeek<\/em> has emailed Cursor for an announcement on the matter and can replace this text if the corporate responds.<\/p>\n<p class=\"wp-block-paragraph\"><strong>Associated:<\/strong> <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.securityweek.com\/windows-bind-link-attacks-can-hide-malware-from-edr-tools\/\">Home windows Bind Hyperlink Assaults Can Conceal Malware From EDR Instruments<\/a><\/p>\n<p class=\"wp-block-paragraph\"><strong>Associated: <\/strong><a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.securityweek.com\/vulnerabilities-patched-by-fortinet-ivanti-servicenow\/\">Vulnerabilities Patched by Fortinet, Ivanti, ServiceNow<\/a><\/p>\n<p class=\"wp-block-paragraph\"><strong>Associated:<\/strong> <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.securityweek.com\/progress-confirms-zero-day-vulnerability-behind-sharefile-disruption\/\">Progress Confirms Zero-Day Vulnerability Behind ShareFile Disruption<\/a><\/p>\n<p class=\"wp-block-paragraph\"><strong>Associated:<\/strong> <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.securityweek.com\/nist-opens-updated-iot-security-guidance-to-public-review\/\">NIST Opens Up to date IoT Safety Steering to Public Overview<\/a>\n      <\/p>\n<\/div>\n\n","protected":false},"excerpt":{"rendered":"<p>An unpatched vulnerability in Cursor on Home windows may be triggered for code execution when a developer opens a repository within the software, Mindgard studies. Cursor is without doubt one of the hottest AI-assisted growth environments, with greater than 7 million lively customers. The safety defect, Mindgard says, is easy: when opening a repository, Cursor [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":16759,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[977,6779,2205,1055,7115,342,1061],"class_list":["post-16757","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-code","tag-cursor","tag-execution","tag-exposes","tag-unpatched","tag-users","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/16757","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=16757"}],"version-history":[{"count":1,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/16757\/revisions"}],"predecessor-version":[{"id":16758,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/16757\/revisions\/16758"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/media\/16759"}],"wp:attachment":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=16757"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=16757"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=16757"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}<!-- This website is optimized by Airlift. Learn more: https://airlift.net. Template:. Learn more: https://airlift.net. Template: 69d9690a190636c2e0989534. Config Timestamp: 2026-04-10 21:18:02 UTC, Cached Timestamp: 2026-07-17 21:07:54 UTC -->