PulseAugur
EN
LIVE 20:57:09

Cursor IDE's critical zero-day vulnerability remains unpatched after 7 months

A critical zero-day vulnerability in the AI-powered code editor Cursor allows for arbitrary code execution when a user opens a malicious project. The vulnerability, discovered by Mindgard, involves a planted `git.exe` in the project root that Cursor automatically executes without user interaction. Despite multiple attempts to report the issue over seven months, Cursor has reportedly failed to respond adequately, initially closing the report as out of scope and then ceasing communication. This lack of response is concerning given Cursor's large user base and reported valuation. AI

IMPACT Highlights potential security risks in AI-assisted development tools, urging caution with untrusted codebases.

RANK_REASON Disclosure of a security vulnerability in a widely used software tool.

Read on Mastodon — sigmoid.social →

AI-generated summary · Google Gemini · from 2 sources. How we write summaries →

Cursor IDE's critical zero-day vulnerability remains unpatched after 7 months

COVERAGE [2]

  1. Hacker News — AI stories ≥50 points TIER_1 English(EN) · Synthetic7346 ·

    Cursor 0day: When Full Disclosure Becomes the Only Protection Left

  2. Mastodon — sigmoid.social TIER_1 English(EN) · [email protected] ·

    Cursor 0day: When Full Disclosure Becomes the Only Protection Left https:// mindgard.ai/blog/cursor-0day-w hen-full-disclosure-becomes-the-only-protection-left

    Cursor 0day: When Full Disclosure Becomes the Only Protection Left https:// mindgard.ai/blog/cursor-0day-w hen-full-disclosure-becomes-the-only-protection-left # ai