A security flaw in the Cursor AI-powered IDE can lead to automatic execution of malicious tasks when a developer opens infected repositories. Threat actors could exploit this vulnerability to steal credentials, drop malware, or hijack developer environments. #Cursor #WorkspaceTrust
Keypoints
- The vulnerability arises from Cursor disabling the Workspace Trust feature from VS Code.
- Opening a repository with a malicious tasks.json file can trigger arbitrary code execution.
- Threat actors can potentially steal sensitive data or establish C2 infrastructure through this flaw.
- Cursor developers intend to keep the auto-run behavior despite the security risks.
- Oasis Security recommends using safer editors for unknown repositories and enabling Workspace Trust.