CursorLiveAppeal 9.01 min read

Cursor IDE Executes Malicious Binaries

15 July 2026By Pulse24 desk
← Back
Share →

What happened

Mindgard, a security firm, disclosed a zero-day vulnerability in Cursor, an AI-assisted integrated development environment (IDE), allowing arbitrary code execution without user interaction. The flaw enables Cursor to automatically execute a malicious git.exe file placed in a project's root directory when a developer opens the repository. Mindgard identified the vulnerability on 15 December 2025 and reported it repeatedly; however, Cursor has not issued a patch across more than 197 subsequent versions over more than six months. Cursor serves 7 million+ active users, including 1 million+ daily users, and is deployed across 50,000+ companies.

Why it matters

This vulnerability creates a critical supply chain risk for platform engineers and security architects managing developer environments. Cursor's automatic execution of untrusted code from project files, unmitigated for more than six months, forces organisations to implement temporary controls such as AppLocker policies or mandate isolated virtual machines for untrusted repositories. This incident underscores a recurring challenge in AI-assisted development tools, following similar security concerns like the GitHub AI Agent leaking private repositories.

Source · mindgard.aiAI-processed content may differ from the original.
Published 15 July 2026