An unpatched vulnerability in Cursor on Windows could allow attackers to achieve code execution via malicious repositories.

Simple age-old bugs give bad actors access to developers' secrets and source code-rich environments.

Cursor runs a repo-root git.exe when a Windows project opens, enabling code execution as the user. Seven months later, no patch or advisory exists.

An unpatched vulnerability in Cursor on Windows could allow attackers to achieve code execution via malicious repositories.

A developer opens a repository in Cursor on Windows. If that repo contains a file named git.exe in...