Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution [email protected] (The Hacker News)

Open a repository in Cursor on Windows and, if a file named git.exe is sitting in the project root, Cursor runs it. No click, no approval dialog, no warning that anything in the folder is about to execute.

Whatever that binary does, it does as you, with your source, your SSH keys and your cloud tokens. Cursor keeps re-running it for as long as the project stays open.

No promptRead More 


Posted

in

by

Tags: