Follow Cyber Kendra on Google News! | WhatsApp | Telegram

Add as a preferred source on Google

Cursor's Unpatched 0-Day Lets a Fake Git Binary Hijack Your Windows PC

Cursor IDE has an unpatched 0-day letting a fake git.exe run code automatically on Windows. Mindgard went public after 7 months of silence.

Cursor 0day

A security flaw in Cursor, the AI-powered code editor used by more than 7 million developers, lets attackers run arbitrary code on a victim's Windows machine the moment they open a booby-trapped repository — no clicks, no prompts, no warning of any kind.

The bug was found and reported by security firm Mindgard on December 15, 2025. Seven months, over 70 shipped Cursor releases, and repeated escalation attempts later, it's still there. Frustrated by the vendor's silence, Mindgard has now gone public with full technical details, calling it a last resort after "every other path had failed."

How the attack works. When Cursor opens a project, it hunts for a Git binary in several locations — including the workspace folder itself. 

If a repository contains its own executable named git.exe sitting in the root directory, Cursor launches it automatically as part of routine path resolution, with zero user interaction. Mindgard proved this with a harmless stand-in: Windows Calculator renamed to git.exe. Simply opening the folder in Cursor spawned Calculator windows repeatedly, on an ongoing cadence, for as long as the project stayed open. Swap Calculator for a malware payload, and the result is silent, repeated code execution under the logged-in user's privileges — confirmed against Cursor 3.2.16 using Sysinternals Process Monitor logs.

Mindgard's initial report to Cursor's published security contact went unanswered. A follow-up HackerOne submission was first closed as "informative" and out of scope, then reopened and reproduced after Mindgard pushed back — with Cursor's CISO blaming an internal automation failure for the missed report. After that acknowledgement, communication stopped entirely. Status requests, escalations, and direct outreach to leadership all went nowhere.

Why it matters. Cursor markets itself to more than 50,000 companies and carries a reported $60 billion valuation, giving it access to source code, credentials, and terminals across a huge developer base. A silent RCE tied to something as routine as opening a repo turns every untrusted clone or pull request into a potential compromise.

What to do now. Until a patch lands, treat unfamiliar repositories as hostile: open them only inside a disposable VM or Windows Sandbox rather than your main machine. Enterprises on managed Windows systems can use AppLocker or Windows App Control with path-based deny rules scoped to repo directories — hash-based blocking won't help, since attackers can swap the binary's contents at will.

Post a Comment