Cursor 0day: When Full Disclosure Becomes the Only Protection Left
Points and comments are a snapshot, not live.
Cursor IDE executes git.exe from the workspace root without user prompting, enabling arbitrary code execution on Windows.
Mindgard discovered a vulnerability in Cursor (7M+ users, $60B valuation) on December 15, 2025. When opening a project, Cursor searches for git binaries including the workspace root. If a malicious git.exe is present, Cursor executes it automatically without prompts. The bug was reported that day via Cursor's security.txt email, then through HackerOne after the CISO acknowledged an automation failure. Despite reproduction and confirmation by HackerOne, Cursor shipped 70+ versions over 7 months without fixing the issue. Mindgard released full details after no meaningful vendor response. Mitigation requires AppLocker policies or isolated VMs; no patch exists.
What commenters are saying
Commenters are split: many see this as a routine Windows path-resolution issue (cmd.exe includes current directory in PATH by default, so this replicates old shell behavior), while others focus on Cursor's failure to use fully qualified paths and its lack of response. Some question whether the bug report was lost among AI-generated "slop" reports. Others note the attack vector is realistic: clone a malicious repo and open it in Cursor. A few argue the same risk exists in any shell, but counter that IDE software should not execute untrusted binaries without prompting.