Skip to main content

Cursor IDE CVE-2026-63093

| EUVDEUVD-2026-45178 HIGH
Untrusted Search Path (CWE-426)
2026-07-17 VulnCheck GHSA-prfr-jc65-hr23
8.7
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.8 HIGH

Malicious repo is network-delivered (AV:N, AC:L, PR:N) but the victim must open the workspace (UI:R); code runs as current user with full C/I/A impact and no scope change (S:U).

3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jul 17, 2026 - 15:16 vuln.today
CVE Published
Jul 17, 2026 - 14:23 cve.org
HIGH 8.7

DescriptionCVE.org

Cursor for Windows version 3.2.16 contains a binary planting vulnerability that allows remote attackers to achieve arbitrary code execution by placing a malicious git.exe file in the repository root directory. When a developer clones and opens a crafted repository, Cursor automatically resolves and executes the workspace-resident git.exe during IDE startup and on a recurring timed cadence without any user interaction, running the malicious binary under the privileges of the current user.

AnalysisAI

Arbitrary code execution in Cursor for Windows 3.2.16 lets remote attackers run code on a developer's machine by planting a malicious git.exe in a repository's root directory. Because Cursor resolves and executes the workspace-resident git.exe at IDE startup and on a recurring timer, simply cloning and opening a crafted repository triggers execution under the current user's privileges with no explicit user action beyond opening the project. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft repository with malicious git.exe in root
Delivery
Lure developer to clone and open in Cursor
Exploit
Cursor auto-resolves workspace git.exe at startup
Execution
Planted binary executes as current user
Persist
Recurring timer re-triggers execution
Impact
Achieve arbitrary code execution

Vulnerability AssessmentAI

Exploitation Exploitation requires the victim to clone and open, in Cursor for Windows 3.2.16, a repository that contains an attacker-supplied git.exe in the repository root directory; the vulnerable behavior is Cursor automatically resolving the workspace-resident git.exe during IDE startup and on a recurring timed cadence. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The supplied CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H, base 8.7) reflects network-delivered content, low complexity, no privileges, and passive user interaction, with high impact to confidentiality, integrity, and availability but no scope change to other systems. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker publishes an attractive-looking repository (a sample project, coding challenge, or dependency) containing a malicious git.exe in its root and lures a developer into cloning and opening it in Cursor for Windows. On IDE startup - and again on the recurring timer - Cursor resolves and executes the planted git.exe with the developer's privileges, giving the attacker code execution with no further interaction. …
Remediation No vendor-released patch identified at time of analysis; no fixed version is present in the provided data, and the Mindgard disclosure title suggests remediation was not yet coordinated. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, inventory all Cursor 3.2.16 installations on Windows systems and immediately either uninstall the application or restrict developer access exclusively to internal, controlled repositories until a vendor patch is available. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Cursor

View all
CVE-2026-22708 CRITICAL
9.8 Jan 14

Cursor AI code editor before 2.3 allows prompt injection to bypass the Agent's Allowlist mode. Shell built-ins can execu

CVE-2026-50549 CRITICAL
9.3 Jun 25

Sandbox escape leading to non-sandboxed remote code execution in Cursor (the AI code editor) prior to version 3.0, where

CVE-2026-50548 CRITICAL
9.3 Jun 25

Sandbox escape leading to non-sandboxed remote code execution affects the Cursor AI code editor prior to version 3.0, wh

CVE-2025-61592 HIGH
8.8 Oct 03

Cursor is a code editor built for programming with AI. In versions 1.7 and below, automatic loading of project-specific

CVE-2025-61591 HIGH
8.8 Oct 03

Cursor is a code editor built for programming with AI. In versions 1.7 and below, when MCP uses OAuth authentication wit

CVE-2026-31854 HIGH
8.8 Mar 11

Cursor is a code editor built for programming with AI. versions up to 2.0 is affected by os command injection.

CVE-2026-48124 HIGH
8.5 Jun 15

Unauthorized hook command execution in Cursor Desktop versions prior to 3.0.0 allows a malicious workspace to silently r

CVE-2025-59944 HIGH
8.0 Oct 03

Cursor is a code editor built for programming with AI. Versions 1.6.23 and below contain case-sensitive checks in the wa

CVE-2026-26268 HIGH
8.0 Feb 13

Cursor versions before 2.5 allow sandbox escape through improper .git configuration file protections, enabling malicious

CVE-2026-61613 HIGH
7.7 Jul 15

Server-side request forgery leading to code execution in Cursor's browser-enabled Cloud Agent lets attacker-controlled w

CVE-2025-61590 HIGH
7.5 Oct 03

Cursor is a code editor built for programming with AI. Versions 1.6 and below are vulnerable to Remote Code Execution (R

CVE-2025-61593 HIGH
7.1 Oct 03

Cursor is a code editor built for programming with AI. In versions 1.7 and below, a vulnerability in the way Cursor CLI

Share

CVE-2026-63093 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy