Unpatched Cursor Vulnerability Exposes Users to Code Execution

Unpatched Cursor Vulnerability Exposes Users to Code Execution
Mindgard says an unpatched vulnerability in Cursor on Windows can lead to code execution when a developer opens a repository containing a malicious git.exe in the project root. The issue was disclosed to Cursor months ago, but Mindgard says it received no meaningful response or evidence of a patch. #Cursor #Mindgard #git.exe

Keypoints

  • Cursor on Windows can execute a malicious git.exe from a repository root.
  • Triggering the flaw only requires opening the affected project.
  • The attack does not rely on prompt injection or complex exploitation chains.
  • Mindgard reported the issue to Cursor and later confirmed it in HackerOne.
  • Mindgard says no patch or coordinated response has been provided after seven months.

Read More: https://www.securityweek.com/unpatched-cursor-vulnerability-exposes-users-to-code-execution/