Full Report
Open a repository in Cursor on Windows and, if a file named git.exe is sitting in the project root, Cursor runs it. No click, no approval dialog, no warning that anything in the folder is about to execute. Whatever that binary does, it does as you, with your source, your SSH keys and your cloud tokens. Cursor keeps re-running it for as long as the project stays open. No prompt
Analysis Summary
# Vulnerability: Cursor IDE Arbitrary Code Execution via Malicious git.exe
## CVE Details
- **CVE ID:** None Assigned (Reporting period spans Dec 2025 – July 2026)
- **CVSS Score:** Estimated 8.8 (High) / 9.8 (Critical)
- **CWE:** CWE-427: Uncontrolled Search Path Element
## Affected Systems
- **Products:** Cursor AI Code Editor (Windows)
- **Versions:** Confirmed up to v3.2.16; likely affects versions up to current (v3.11 as of July 2026)
- **Configurations:** Windows environments where Cursor is used to open local or cloned repository folders.
## Vulnerability Description
When Cursor opens a project on Windows, it automatically searches for the Git binary to initialize source control features. The application includes the workspace root (the project folder itself) in its search path. Because Windows prioritizes the current directory or lacks a fully qualified path for the executable, Cursor executes a file named `git.exe` if it exists in the root of the opened folder.
The execution occurs automatically upon opening the folder without any user interaction or approval dialogs. The process is spawned with the command line `git rev-parse --show-toplevel` and runs with the privileges of the logged-in user.
## Exploitation
- **Status:** PoC available (demonstrated by Mindgard using a renamed `calc.exe`).
- **Complexity:** Low
- **Attack Vector:** Local/Social Engineering (Tricking a user into cloning or opening a malicious repository).
## Impact
- **Confidentiality:** High (Access to SSH keys, cloud tokens, and source code).
- **Integrity:** High (Arbitrary code execution as the user).
- **Availability:** High (Persistent execution; Cursor re-runs the binary as long as the project is open).
## Remediation
### Patches
- **No patch currently available.** As of July 15, 2026, the vendor has not released a fix or an official advisory.
### Workarounds
- **Manual Inspection:** Before opening a cloned or downloaded repository in Cursor, check the root directory for suspicious binaries such as `git.exe`, `npx.exe`, `node.exe`, or `where.exe`.
- **Sandbox Isolation:** Open untrusted repositories only within a disposable Virtual Machine (VM) or Windows Sandbox.
- **AppLocker/Windows App Control:** Implement deny rules to block executables by name (`git.exe`) when located within known workspace or repository paths (e.g., `%USERPROFILE%\source\repos\*\git.exe`).
## Detection
- **Indicators of Compromise:** Unexpected child processes spawned by `Cursor.exe`.
- **Detection Methods:** Monitor for `Cursor.exe` spawning processes that are not located in standard `Program Files` or System32 pathways, specifically targeting executions from user-writable project directories.
## References
- **Mindgard Technical Write-up:** hxxps[://]mindgard[.]ai/blog/cursor-0day-when-full-disclosure-becomes-the-only-protection-left
- **Cursor Security Advisories:** hxxps[://]github[.]com/cursor/cursor/security/advisories
- **News Report:** hxxps[://]thehackernews[.]com/2026/07/cursor-flaw-lets-malicious-cloned.html