Cursor IDE Vulnerability Could Allow Malicious Repositories to Execute Code Automatically
What happened
Security researchers at Mindgard have disclosed a vulnerability in the Cursor AI-powered integrated development environment (IDE) that could allow attackers to execute malicious code simply by convincing a developer to open a compromised repository.
According to Mindgard, Cursor searches for Git binaries in several locations when opening a project, including the repository’s root directory. If an attacker places a malicious executable named git.exe in that location, Cursor may automatically execute it without warning or requiring user approval.
To demonstrate the issue, Mindgard created a proof-of-concept by renaming the Windows Calculator application to git.exe and placing it in a repository. Opening the project in Cursor was enough to launch the executable automatically, showing how easily an attacker could trigger code execution.
Mindgard said it first reported the vulnerability to Cursor in December 2025 and submitted multiple follow-up reports through email, LinkedIn, and HackerOne. The company stated that it received no meaningful response before publicly disclosing the issue. After being contacted by Dark Reading, a Cursor spokesperson confirmed the company is addressing the vulnerability and plans to respond to Mindgard.
Who is affected
The vulnerability primarily affects developers using Cursor on Windows systems, particularly those who regularly clone or open repositories from external or untrusted sources.
Organizations with software development teams using Cursor may also be exposed. A successful attack could execute malware with the same privileges as the developer, potentially leading to credential theft, ransomware deployment, or unauthorized access to development environments.
Aaron Portnoy, Chief Product Officer at Mindgard, warned that the vulnerability is both easy to exploit and simple to fix. He noted that attackers could disguise virtually any malicious payload as git.exe, allowing it to execute automatically when a repository is opened.
Why CISOs should care
Development environments continue to be attractive targets for attackers because they often provide access to source code, secrets, cloud credentials, and software supply chains. This vulnerability highlights how trusted developer tools can become attack vectors when security controls fail to validate executable content.
The incident also underscores the risks associated with AI-powered development tools as organizations accelerate adoption. Security teams should ensure these tools undergo the same security reviews and hardening measures as any other enterprise software.
3 practical actions
Review whether Cursor is deployed within development environments and monitor vendor updates for an official security patch.
Restrict execution of unauthorized binaries using controls such as Windows App Control or AppLocker where appropriate.
Require developers to open untrusted repositories only within isolated environments, such as virtual machines or Windows Sandbox, until the vulnerability is fully remediated.


