🚨Cursor Vulnerability Allows Arbitrary Code Execution via Git.exe
Cursor's latest version still lets attackers run malicious code with ease
TL;DR
A critical security flaw in Cursor allows arbitrary code execution when a git.exe binary is present in the repository. Developers must take immediate action to secure their workspaces.
Mindgard identified a vulnerability in Cursor that enables attackers to execute arbitrary code by placing a malicious git.exe file in the root of a project. This flaw, which has persisted for over six months without remediation, affects all versions tested and requires no user interaction beyond opening an affected repository. Developers should use isolated environments or AppLocker policies to mitigate risk until Cursor patches this issue.

Key Points
Vulnerability identified on December 15, 2025; no response from Cursor despite multiple reports
Cursor attempts to locate Git binaries across various locations, including the workspace itself
Exploitation requires a developer to open a project containing git.exe in the repository root
Enterprise systems can use AppLocker or Windows App Control policies to deny execution of git.exe
Consumer systems should isolate untrusted repositories until Cursor patches this critical flaw
Why It Matters
If you're using Cursor, your development environment is at risk. The vulnerability allows attackers to execute arbitrary code with no user interaction required. Until a patch is released, developers must use isolated environments or AppLocker policies to protect their workspaces.
Frequently Asked Questions
Why does this matter?
If you're using Cursor, your development environment is at risk. The vulnerability allows attackers to execute arbitrary code with no user interaction required. Until a patch is released, developers must use isolated environments or AppLocker policies to protect their workspaces.
What happened?
A critical security flaw in Cursor allows arbitrary code execution when a git.exe binary is present in the repository. Developers must take immediate action to secure their workspaces.
Comments
Be the first to comment
Enjoyed this article?
Get it daily. 7am. Free. Reads in 5 minutes.
Join 2,074 builders reading daily.