A developer opens a repository in Cursor on Windows. If that repo contains a file named git.exe in...

Cursor runs a repo-root git.exe when a Windows project opens, enabling code execution as the user. Seven months later, no patch or advisory exists.

An unpatched vulnerability in Cursor on Windows could allow attackers to achieve code execution via malicious repositories.

A developer opens a repository in Cursor on Windows. If that repo contains a file named git.exe in...