Back to News
Cybersecurity

Critical Vulnerability in Cursor Allows Unchecked Code Execution from Cloned Repositories

A newly discovered flaw in the Cursor application enables malicious code execution without user consent, posing significant risks to Windows users.

A serious vulnerability in the Cursor application for Windows has been identified, allowing malicious code execution without user interaction. When a repository containing a file named 'git.exe' is opened in Cursor, the application automatically executes the file without any prompts or warnings. This means that any binary within the project root can run with the same permissions as the user, potentially compromising sensitive information such as source code, SSH keys, and cloud tokens. The binary continues to execute as long as the project is open, amplifying the risk of prolonged exposure to malicious activities.

For businesses utilizing Cursor, this flaw underscores the necessity for stringent security protocols when handling code repositories. Organizations should be vigilant about the sources of their cloned repositories and implement measures to review or sanitize such files before execution. This incident highlights the broader implications for cybersecurity, where unchecked code execution can lead to significant breaches. Furthermore, it serves as a reminder of the critical need for continuous monitoring and patching of software vulnerabilities, particularly in tools that integrate closely with development environments.

---

*Originally reported by [The Hacker News](https://thehackernews.com/2026/07/cursor-flaw-lets-malicious-cloned.html)*