Cursor, a popular VS Code-based IDE, executes arbitrary binaries on Windows systems without user approval or warning. The vulnerability stems from how Cursor handles repositories containing a file named git.exe in the project root.

When a developer opens a malicious cloned repository in Cursor on Windows, the application automatically runs any git.exe file present without displaying approval dialogs or security warnings. The execution occurs with full user privileges, granting the malicious binary access to developer credentials, SSH keys, cloud authentication tokens, and source code. Cursor continues re-executing the binary throughout the session, multiplying exposure window.

The attack vector exploits a common development workflow. Attackers distribute poisoned repositories through GitHub, GitLab, or other platforms. When developers clone and open these projects in Cursor, infection occurs silently. This represents a supply chain risk for teams using Cursor for development work.

The threat targets Windows specifically, where Cursor's path resolution prioritizes the project root directory when searching for executables. Developers working on shared or untrusted codebases face particular risk. Organizations with centralized cloud credentials or shared SSH infrastructure could suffer lateral movement from a single compromised developer machine.

The vulnerability bypasses typical security paradigms. Unlike traditional malware delivery, this requires no social engineering beyond distributing an innocent-looking code repository. The git.exe naming convention exploits legitimate developer expectations about Git operations within development environments.

Cursor users should implement immediate mitigations: restrict repository cloning to trusted sources, review project contents before opening in Cursor, and consider using separate SSH keys with limited permissions for development work. System administrators should enforce code review policies that examine third-party dependencies and project structure before local execution.

The flaw underscores broader IDE security considerations. Development tools occupy privileged positions within security architecture, accessing credentials and sensitive files routinely. This incident demonstrates that convenience features in ID