Mindgard says an unpatched vulnerability in Cursor on Windows can lead to code execution when a developer opens a repository containing a malicious git.exe in the project root. The issue was disclosed to Cursor months ago, but Mindgard says it received no meaningful response or evidence of a patch. #Cursor #Mindgard #git.exe
Keypoints
- Cursor on Windows can execute a malicious git.exe from a repository root.
- Triggering the flaw only requires opening the affected project.
- The attack does not rely on prompt injection or complex exploitation chains.
- Mindgard reported the issue to Cursor and later confirmed it in HackerOne.
- Mindgard says no patch or coordinated response has been provided after seven months.
Read More: https://www.securityweek.com/unpatched-cursor-vulnerability-exposes-users-to-code-execution/