ShellCodeX
Tools • Events • News • Insights
ShellCodeX Intelligence Brief
HIGH Developer Tools

Cursor auto-executes malicious git.exe from unpatched project roots

Source headline: Unpatched Cursor Vulnerability Exposes Users to Code Execution

Threat level High
Signal strength 75/100
Source confidence 1 source
Published 9 hours ago

Intelligence Summary

A vulnerability in Cursor allows code execution when a malicious repository contains a git.exe at the project root. Cursor may automatically run the file during repository handling, even without user intent. This can lead to arbitrary command execution on the user’s machine. The risk affects anyone using Cursor to open untrusted or unverified repositories. Users should avoid opening unknown projects and update Cursor if a fix is available.

Recommended Action

Review affected assets, schedule urgent remediation, and monitor related indicators.

Topics

#supply-chain #code-execution #developer-tools #cursor #gitexe
Original reporting SecurityWeek Unpatched Cursor Vulnerability Exposes Users to Code Execution
Open original source