A developer opens a repository in Cursor on Windows. If that repo contains a file named git.exe in the root, Cursor executes it automatically. No clicks. No warnings. No prompts. Just code execution — under the current user's privileges.

Mindgard found this on December 15, 2025. They reported it the same day. Today is July 2026 — 197+ Cursor versions later — and it's still there.

"The vulnerability is almost boring in its simplicity, and that may be the most concerning part." — Mindgard

What actually happened

The bug is a path resolution problem. When loading a project, Cursor searches multiple locations for Git binaries — one of which is the workspace root itself. If an attacker plants a malicious git.exe there, Cursor picks it up and runs it. Repeatedly. On a cadence, while the project is open.