Check Point researchers discovered a critical vulnerability in Cursor, an AI coding IDE, allowing malicious actors to silently execute harmful commands by exploiting trust in MCP configuration modifications. The latest update (version 1.3) addresses this issue, emphasizing the importance of timely software updates and validation in AI-driven development environments. #MCPoison #CursorVulnerability
Keypoints
- Researchers uncovered a remote code execution flaw in Cursor, an AI coding environment.
- The vulnerability allows attackers to manipulate approved MCP configurations for malicious purposes.
- Cursorβs update (version 1.3) includes safeguards requiring user approval for configuration changes.
- The attack exploits the trust model in MCP protocol, which connects AI systems with external data sources.
- Check Point warns that such vulnerabilities highlight the broader security risks in AI-assisted development tools.
Read More: https://www.theregister.com/2025/08/05/mcpoison_bug_abuses_cursor_mcp/