AI’s Open Secret: Why Your Cursor Extensions Can Silently Siphon Your API Keys

LayerX researchers found that Cursor stores session tokens and API keys in an unprotected local SQLite database, allowing any installed extension to steal credentials. Cursor acknowledged the behavior as within the user’s “trust boundary” and the issue remained unfixed as of April 28, 2026.

Key points

  • Cursor stores sensitive credentials in a local SQLite database at ~/Library/Application Support/Cursor/User/globalStorage/state.vscdb.
  • The vulnerability is rated high severity with a CVSS score of 8.2 and represents a broken trust boundary in the editor.
  • Any Cursor extension can access the database, extract API keys and session tokens, and exfiltrate them silently.
  • LayerX demonstrated that credential theft requires no user interaction, visible UI change, or alerts.
  • Cursor responded that this is the user’s responsibility and the issue remained unfixed as of April 28, 2026, forcing developers to vet extensions themselves.
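To see which stored entries would need rotating if an untrusted extension had been installed, the following added example (not code from LayerX or Cursor) inventories the database at the path above and reports key names and value lengths only, never the values. It assumes the store consists of tables with `key` and `value` columns; the name pattern in `SECRET_HINT` is also an assumption to tune.

```python
import os
import re
import sqlite3
import stat
from pathlib import Path

# macOS path given in the article.
DEFAULT_DB = Path.home() / "Library/Application Support/Cursor/User/globalStorage/state.vscdb"

# Assumption: key-name hints for credentials; extend for your environment.
SECRET_HINT = re.compile(r"token|api[_-]?key|secret|password|credential", re.I)


def audit_state_db(path):
    """Return (readable_by_other_users, [(table, key, value_length), ...])."""
    path = Path(path).resolve()
    mode = os.stat(path).st_mode
    loose = bool(mode & (stat.S_IRGRP | stat.S_IROTH))
    # Read-only URI open: the audit must not alter editor state.
    conn = sqlite3.connect(path.as_uri() + "?mode=ro", uri=True)
    findings = []
    try:
        tables = [r[0] for r in conn.execute(
            "SELECT name FROM sqlite_master WHERE type='table'")]
        for table in tables:
            cols = {c[1] for c in conn.execute(f'PRAGMA table_info("{table}")')}
            if not {"key", "value"} <= cols:
                continue  # not a key/value store
            rows = conn.execute(f'SELECT key, length(value) FROM "{table}"')
            for key, length in rows:
                if SECRET_HINT.search(str(key)):
                    findings.append((table, key, length))  # never the value
    finally:
        conn.close()
    return loose, findings


if __name__ == "__main__":
    if DEFAULT_DB.exists():
        loose, findings = audit_state_db(DEFAULT_DB)
        print("readable by other local users:", loose)
        for table, key, length in findings:
            print(f"{table}: {key} (length {length})")
    else:
        print("no Cursor state database at", DEFAULT_DB)
```

The permission flag only covers other local accounts; extensions run as the user who launched the editor, so tightening the file mode does not keep them out, and every listed entry should be treated as readable by any installed extension.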

Read More: https://securityonline.info/cursor-ai-credential-theft-vulnerability-sqlite-secrets/