Cursor, a popular AI-powered coding editor, has been found to contain a serious security flaw that could allow attackers to run malicious code on Windows computers. The issue is triggered when a developer opens or clones a specially crafted repository. Security researchers warned that the attack requires very little user interaction, making it a significant threat for software developers. The vulnerability affects the trust developers place in repositories they download from the internet.

cursor-ai-code-editor-security-vulnerability

The flaw was discovered by security researchers at Mindgard, who explained that Cursor incorrectly searches for the Git program when opening a project. Instead of using the legitimate Git installation already present on the system, the application can mistakenly execute a fake git.exe file placed inside the cloned repository. Since the malicious file is launched automatically, attackers can gain code execution with the same permissions as the logged-in user.

Researchers demonstrated the attack by replacing the Windows Calculator application with a file named git.exe. As soon as the poisoned repository was opened in Cursor, the fake program executed automatically without displaying any warning or confirmation prompt. This showed that a harmless-looking project could secretly run attacker-controlled code before the developer even starts working on it.

malicious-git-repository-code-execution-warning

According to Mindgard, the vulnerability was first reported to Cursor in December 2025 through responsible disclosure. After additional communication and a HackerOne submission, the researchers said the issue remained present in multiple later releases they tested. At the time of public disclosure, they stated that the flaw had still not been fully fixed in the versions they examined.

Because the malicious file runs with the user’s existing privileges, attackers could use the vulnerability to install malware, steal sensitive information, modify files, or establish persistent access to the system. Since many developers regularly clone open-source repositories from Git hosting platforms, a single poisoned repository could become an effective way to target software engineers. The attack does not require complicated exploitation techniques once the repository is opened.

cursor-security-flaw-windows-code-execution

Security experts noted that this issue highlights the growing risks associated with AI-assisted development tools. Developers often trust their coding environment to automate repetitive tasks, but vulnerabilities like this can turn those conveniences into attack paths. As AI-powered editors become more common, researchers believe stronger security checks are necessary before automated actions are performed.

The researchers advised developers to be cautious when downloading or cloning repositories from unknown or untrusted sources. Organizations should verify project origins, review repository contents whenever possible, and keep development tools updated with the latest security patches once fixes become available. Limiting administrative privileges and following secure development practices can also reduce the impact of similar attacks.

software-supply-chain-security-git-repository-attack

The discovery serves as another reminder that software supply chain attacks continue to evolve alongside AI development tools. Even trusted applications can become security risks if small design weaknesses are overlooked. Developers and organizations are encouraged to stay informed about newly disclosed vulnerabilities and apply vendor updates promptly to reduce the chances of compromise.

Stay alert, and keep your security measures updated!

Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news