Back to Feed
VulnerabilitiesJul 14, 2026

Cursor IDE Auto-Executes Malicious Code in Poisoned Repos

Cursor IDE auto-executes malicious code from poisoned repositories despite December disclosure.

Summary

A critical vulnerability in Cursor, a popular AI-powered coding IDE, allows automatic execution of malicious code when developers clone poisoned repositories. Researchers disclosed the issue to Cursor in December, but the vulnerability remains unpatched. This creates a significant supply-chain risk for developers who use Cursor with untrusted or compromised code repositories.

Entities

Cursor IDE (product)Code repository poisoning (technology)