Cursor IDE Vulnerable to Arbitrary Code Execution via Git
July 14, 2026
The Cursor IDE is vulnerable to arbitrary code execution if a user opens a repository containing a malicious git.exe in the project root. The IDE automatically executes the binary without user prompting or approval, posing a significant risk to its 7 million active users.
HOW THIS AFFECTS YOU
●
builderAvoid opening untrusted repositories in Cursor on Windows until a patch is verified.
●
policyThis underscores the security risks inherent in AI-integrated development environments.