Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

"Cursor ships with Workspace Trust disabled by default, so VS Code-style tasks configured with runOptions.runOn: 'folderOpen' auto-execute the moment a developer browses a project."

"This has the potential to leak sensitive credentials, modify files, or serve as a vector for broader system compromise, placing Cursor users at significant risk from supply chain attacks."

Cursor, an AI-powered fork of Visual Studio Code, disables Workspace Trust by default, allowing VS Code-style tasks with runOptions.runOn set to 'folderOpen' to execute automatically when a folder is opened. A malicious repository can include a .vscode/tasks.json that triggers silent code execution in the user's context, enabling arbitrary commands, credential exposure, file modification, or wider system compromise. The vulnerability amplifies supply chain risk for Cursor users. Recommended mitigations include enabling Workspace Trust, opening untrusted repositories in other editors, and auditing repositories before opening them in Cursor.

#cursor #workspace-trust #arbitrary-code-execution #supply-chain-attacks

Read at The Hacker News

Unable to calculate read time

Collection

[

...

]

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious RepositoriesCursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories Briefly

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories
Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories
Briefly