Skip to content
mindgard.ai·

🚨Cursor Vulnerability Allows Arbitrary Code Execution via Git.exe

Cursor's latest version still lets attackers run malicious code with ease

TL;DR

A critical security flaw in Cursor allows arbitrary code execution when a git.exe binary is present in the repository. Developers must take immediate action to secure their workspaces.

Mindgard identified a vulnerability in Cursor that enables attackers to execute arbitrary code by placing a malicious git.exe file in the root of a project. This flaw, which has persisted for over six months without remediation, affects all versions tested and requires no user interaction beyond opening an affected repository. Developers should use isolated environments or AppLocker policies to mitigate risk until Cursor patches this issue.

Cursor Vulnerability Allows Arbitrary Code Execution via Git.exe — mindgard.ai

Key Points

1

Vulnerability identified on December 15, 2025; no response from Cursor despite multiple reports

2

Cursor attempts to locate Git binaries across various locations, including the workspace itself

3

Exploitation requires a developer to open a project containing git.exe in the repository root

4

Enterprise systems can use AppLocker or Windows App Control policies to deny execution of git.exe

5

Consumer systems should isolate untrusted repositories until Cursor patches this critical flaw

Why It Matters

If you're using Cursor, your development environment is at risk. The vulnerability allows attackers to execute arbitrary code with no user interaction required. Until a patch is released, developers must use isolated environments or AppLocker policies to protect their workspaces.

Cursorgit.exearbitrary code executionAppLockerWindows Sandbox

Frequently Asked Questions

Why does this matter?

If you're using Cursor, your development environment is at risk. The vulnerability allows attackers to execute arbitrary code with no user interaction required. Until a patch is released, developers must use isolated environments or AppLocker policies to protect their workspaces.

What happened?

A critical security flaw in Cursor allows arbitrary code execution when a git.exe binary is present in the repository. Developers must take immediate action to secure their workspaces.

Comments

Subscribe to join the conversation...

Be the first to comment

Enjoyed this article?

Get it daily. 7am. Free. Reads in 5 minutes.

Join 2,074 builders reading daily.

Also get