ShellCodeX
Tools • Events • News • Insights
ShellCodeX Intelligence Brief
CRITICAL Developer Tools

Cursor on Windows can execute a malicious root-level git.exe

Source headline: Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution

Threat level Critical
Signal strength 85/100
Source confidence 1 source
Published 3 hours ago

Intelligence Summary

A Cursor flaw on Windows allows a project folder to trigger code execution automatically. If a repository’s root contains a file named git.exe, Cursor runs it when you open the project. The executed binary runs with your user context, accessing your local environment such as files and credentials. Cursor can keep re-running the binary as long as the project remains open, without any prompt or warning. Users should avoid opening untrusted repositories in Cursor on Windows and remove/scan unexpected git.exe files in project roots.

Recommended Action

Prioritize immediate review, validate exposure, and patch or mitigate affected systems.

Topics

#supply-chain #windows #code-execution #developer-tools #cursor #repository
Original reporting The Hacker News Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution
Open original source