A security vulnerability, CVE-2025-54136 or "MCPoison," has been identified in Cursor's MCP (Machine Configuration Protocol) server trust mechanism. This flaw allowed for persistent remote code execution if a user approved a malicious MCP server configuration, as Cursor would not re-prompt for subsequent changes. While patched, the underlying issue of trusting configurations indefinitely persists, prompting the development of a free scanner to detect similar vulnerabilities in user configurations. AI
IMPACT Highlights potential security risks in AI development tools and the need for robust configuration management.
RANK_REASON The item discusses a security vulnerability in a specific software product and the release of a tool to detect it.
AI-generated summary · Google Gemini · from 1 sources. How we write summaries →