Security researchers discovered that Cursor automatically runs executable files, allowing attackers to inject malicious code through compromised projects.
Cursor, a popular AI-powered code editor, has a serious security flaw that puts developers at significant risk. The problem is straightforward: when you open a project folder in Cursor, the application automatically looks for and executes a file called git.exe in that project's root directory. An attacker can exploit this by uploading a malicious git.exe file to a repository, and when developers clone or open that project, the harmful code runs without warning.
Think of it like downloading a briefcase from the internet and automatically opening it without checking what's inside first. Except in this case, the moment you open it, whatever's inside instantly runs on your computer.
This isn't a minor glitch—it's a direct pathway for attackers to execute whatever code they want on a developer's machine. Someone could hide malicious instructions inside that fake git.exe file, and Cursor would run them with the same privileges as your user account. This means attackers could:
The vulnerability becomes especially dangerous because developers often work with multiple repositories, and many share code openly on platforms like GitHub. An attacker could create an attractive-looking open-source project, wait for it to gain popularity, then inject the malicious file—potentially compromising hundreds of developers at once.
If you're a developer using Cursor: You're potentially at risk every time you open a new project, especially from sources you're not completely certain about. Even well-intentioned developers could accidentally share a compromised repository without realizing it.
If you work in cybersecurity: This highlights a growing problem with AI-assisted development tools. As these tools become more powerful and integrated into workflows, they introduce new attack surfaces that traditional security training may not cover.
If you manage developer teams: This vulnerability could affect your entire organization if developers are cloning untrusted or compromised repositories. The damage could range from stolen intellectual property to complete system compromise.
The real danger here is the assumption of trust. Developers expect that opening a folder is safe. They're focused on the code, not scanning for executable files.
This vulnerability serves as an important reminder that even modern development tools need security audits, and developers should remain cautious about what code they execute on their machines.
Want to understand the technology behind this story? ITVedas has beginner-friendly guides on every IT topic.
Explore IT Chapters →