Rabu, 15 Juli 2026

Cursor AI's Silence on a Critical Flaw Jeopardizes Millions of Users

Mindgard just disclosed an unpatched 0-day in Cursor yesterday, where a poisoned repository could trigger arbitrary code on Windows systems without the developer needing to do anything on their end.

The bug lives in how Cursor resolves Git binaries when a project loads. Cursor checks several locations for git, and one of them is the workspace itself.

Plant a file called git.exe at the root of a repository, and Cursor runs it the moment that project opens. This happens because the execution is integrated into the normal startup routine, something you'd probably never notice unless you went looking for it.

Mindgard proved this by renaming the Windows Calculator app to git.exe and placing it in a test repo. Opening that repo in Cursor launched it instantly, with the flaw repeatedly spawning new instances of the app.

on a windows system, the task manager is shown on the left with many processes visible, on the right are numerous instances of the calculator app being launched by cursor due to a critical flaw
Here you can see many instances of the Calculator app being launched by Cursor repeatedly.

This is not something Cursor didn't know about. Mindgard's Aaron Portnoy first reported the bug on December 15, 2025, then followed up repeatedly in the months after.

Getting anyone to respond took a public LinkedIn post asking for a security contact. Cursor's CISO eventually replied privately, blaming a broken automation for the missed HackerOne invite.

The stonewalling didn't stop there, as the bug report on HackerOne was closed prematurely, being termed "informative and out of scope." Mindgard pushed back, HackerOne reopened it, and confirmed the details had reached Cursor.

Days passed, and the silence from Cursor was more apparent. Requests for updates in February, March, and April were left unanswered, all while they were busy shipping new releases.

Five months of cat and mouse, and Mindgard finally decided to go public.

There's a response

the about dialog of the linux client for cursor is visible in the foreground, the background has the rest of the cursor interface with a wall of code
Just a placeholder image of Cursor's Linux build.

Albeit a very vague one. Speaking to Dark Reading, an unnamed spokesperson for Cursor informed them that:

I can confirm we are addressing this and will get back to Mindgard accordingly.

That statement isn't very confidence-instilling for an issue that feels magnitudes higher.

But what do I know about handling sensitive cybersecurity issues in a big AI firm? Maybe they had good reason to ignore the issue and were working on some shiny new AI feature. 🤷


Suggested Read 📖: Did you know a storage bug on Windows 11 could eat up disk space?



from It's FOSS https://ift.tt/dmR76eJ
via IFTTT

Tidak ada komentar:

Posting Komentar