< BACK TO NEWS
importantSYS.SOURCE: The Hacker News2026-07-15T16:25:22+05:30

Critical Vulnerability in Cursor Allows Arbitrary Code Execution via Malicious Git.exe

A critical vulnerability in Cursor allows arbitrary code execution on Windows by exploiting a malicious 'git.exe' in cloned repositories, bypassing user interaction. No patch is available, with workarounds suggesting restricted execution environments and file monitoring.

Open a repository in Cursor on Windows and, if a file named git.exe is sitting in the project root, Cursor runs it. No click, no approval dialog, no warning that anything in the folder is about to execute.

Whatever that binary does, it does as you, with your source, your SSH keys and your cloud tokens. Cursor keeps re-running it for as long as the project stays open.

No prompt

Read original article

*** END OF TRANSMISSION ***