What happened
Mindgard, a security firm, disclosed a zero-day vulnerability in Cursor, an AI-assisted integrated development environment (IDE), allowing arbitrary code execution without user interaction. The flaw enables Cursor to automatically execute a malicious git.exe file placed in a project's root directory when a developer opens the repository. Mindgard identified the vulnerability on 15 December 2025 and reported it repeatedly; however, Cursor has not issued a patch across more than 197 subsequent versions over more than six months. Cursor serves 7 million+ active users, including 1 million+ daily users, and is deployed across 50,000+ companies.
Why it matters
This vulnerability creates a critical supply chain risk for platform engineers and security architects managing developer environments. Cursor's automatic execution of untrusted code from project files, unmitigated for more than six months, forces organisations to implement temporary controls such as AppLocker policies or mandate isolated virtual machines for untrusted repositories. This incident underscores a recurring challenge in AI-assisted development tools, following similar security concerns like the GitHub AI Agent leaking private repositories.




