
Cursor Workspace Trust disabled code execution security flaw

Vulnerability
H score 21
2 unique sources, 2 articles

Summary


Cursor ships with Workspace Trust disabled by default, a disclosed weakness that lets a malicious repository trigger silent code execution when its folder is opened. The flaw matters because a booby-trapped project can run tasks in the user's context, creating risk of credential theft, file modification, and broader system compromise. The unsafe trigger is tied to VS Code-style tasks configured with runOptions.runOn: 'folderOpen'.


Timeline

  1. 12.09.2025 07:49 3 articles · 8mo ago

    Oasis Security discloses Cursor Workspace Trust code execution flaw

    Initial Disclosure

    Oasis Security disclosed a flaw in Cursor, an AI-powered fork of Visual Studio Code, where Workspace Trust is disabled by default and VS Code-style tasks configured with runOptions.runOn: 'folderOpen' can auto-execute when a project folder is opened. A malicious repository with a hidden .vscode/tasks.json can trigger silent code execution in the user's context, creating risk of sensitive credential exposure, file modification, and broader system compromise. Users are advised to enable Workspace Trust in Cursor, open untrusted repositories in a different code editor, and audit them before opening them in the tool.

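One way to carry out the audit step advised above without opening the folder in an editor, as an added example (not code from Oasis Security, Cursor, or this page): it lists every task in a repository's .vscode/tasks.json that is set to run on folder open. The function names and the sample file are constructed for illustration, and the script inspects only .vscode/tasks.json, the file named in the disclosure.

```python
import json, re
from pathlib import Path

# Constructed sample tasks.json (JSONC: comment, trailing commas); not from a real repo.
SAMPLE = '''{ // build helpers
  "version": "2.0.0",
  "tasks": [
    {"label": "lint", "command": "echo lint"},
    {"label": "prep", "command": "echo // not a comment",
     "runOptions": {"runOn": "folderOpen"},},
  ]}'''

_STR = r'"(?:\\.|[^"\\])*"'          # a JSON string literal, matched first so it is kept
_COMMENT = re.compile(_STR + r'|//[^\n]*|/\*.*?\*/', re.S)
_TRAILING = re.compile(_STR + r'|,(?=\s*[}\]])', re.S)

def _keep_strings(m):
    return m.group(0) if m.group(0).startswith('"') else ""

def strip_jsonc(text):
    """Remove comments, then trailing commas, so json.loads accepts editor-style JSONC."""
    return _TRAILING.sub(_keep_strings, _COMMENT.sub(_keep_strings, text))

def folder_open_tasks(text):
    """Return (label, command) for each task whose runOptions.runOn is 'folderOpen'."""
    doc = json.loads(strip_jsonc(text))
    tasks = doc.get("tasks", []) if isinstance(doc, dict) else []
    hits = []
    for t in tasks if isinstance(tasks, list) else []:
        opts = t.get("runOptions") if isinstance(t, dict) else None
        if isinstance(opts, dict) and opts.get("runOn") == "folderOpen":
            hits.append((t.get("label"), t.get("command")))
    return hits

def scan_repo(repo):
    """Map each .vscode/tasks.json under repo to its auto-run tasks (None if unparseable)."""
    report = {}
    for path in sorted(Path(repo).rglob(".vscode/tasks.json")):
        try:
            report[str(path)] = folder_open_tasks(path.read_text(encoding="utf-8", errors="replace"))
        except ValueError:
            report[str(path)] = None  # could not parse: review by hand before opening
    return report

if __name__ == "__main__":
    import sys
    result = scan_repo(sys.argv[1]) if len(sys.argv) > 1 else {"<sample>": folder_open_tasks(SAMPLE)}
    for path, hits in result.items():
        print(path, hits)
```

A non-empty list or a None entry for any file is a reason to read that tasks.json before the folder is opened in Cursor.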