Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Cursor IDE MCP deeplink code execution security flaw

Vulnerability
First reported
Last updated
Happening score
H score 40
1 unique sources, 1 articles

Summary

Hide ▲

A Cursor IDE flaw in MCP deeplinks can let crafted installation links trigger arbitrary commands or install malicious components under some user-approval and configuration conditions. The issue, dubbed CursorJack, was shown in controlled testing as of January 19, 2026 and was not automatic. A single click on a crafted link followed by approval of an installation prompt may be enough in some environments. The pathway is especially risky for developers handling API keys, credentials, and source code.

Related Happenings

Cursor local SQLite secret-storage exposing credentials security flaw

Vulnerability
First: 29.04.2026 18:00 Last: 29.04.2026 18:00 Sources 1

About this happening: A **high-severity** **Cursor** flaw lets installed extensions read secrets stored locally, exposing **API keys** and **session tokens** without user interaction. The weakness stem...

Open Happening

VSCode extensions local file theft and RCE vulnerabilities (multiple vulnerabilities)

Vulnerability
First: 17.02.2026 23:27 Last: 17.02.2026 23:27 Sources 1

About this happening: **High-to-critical vulnerabilities** in popular **VSCode extensions** can expose developers to **local file theft** and **remote code execution** across software downloaded more t...

Open Happening

Microsoft Copilot Reprompt prompt-injection security flaw

Vulnerability
First: 14.01.2026 16:00 Last: 14.01.2026 16:00 Sources 1

About this happening: **Reprompt** is a **Microsoft Copilot** prompt-injection flaw that can let a crafted **URL** trigger **invisible data exfiltration** from an authenticated session. The abuse path...

Open Happening

VS Code forks recommend nonexistent Open VSX extensions, enabling namespace-hijack supply-chain risk

Technical Analysis
First: 06.01.2026 13:25 Last: 06.01.2026 13:25 Sources 1

About this happening: Researchers found that **Cursor**, **Windsurf**, **Google Antigravity**, and **Trae** can recommend **non-existent Open VSX extensions**, creating a **supply-chain risk** if an at...

Open Happening

Cursor and Windsurf outdated Chromium/V8 builds multiple vulnerabilities security flaw (CVE-2025-7656)

Vulnerability
First: 21.10.2025 22:00 Last: 21.10.2025 22:00 Sources 1

About this happening: Researchers confirmed that outdated **Chromium/V8** builds in **Cursor** and **Windsurf** expose an estimated **1.8 million developers** to **94+ patched vulnerabilities**. A proo...

Open Happening

Timeline

  1. 17.03.2026 17:00 1 articles · 2mo ago

    Cursor IDE MCP deeplink testing reveals code-execution path

    Technical Analysis Update

    Controlled testing on January 19, 2026 showed that Cursor IDE's MCP deeplink handling could be abused by a crafted link that appears legitimate but carries harmful configuration data, and a click followed by installation-prompt approval may let the IDE execute commands with the user's privileges or install malicious components; no zero-click exploitation was observed.

    Show sources
    Open in new tab
  2. 17.03.2026 17:00 2 articles · 2mo ago

    Proofpoint discloses CursorJack and notifies Cursor

    Initial Disclosure

    On March 17, 2026, Proofpoint publicly disclosed CursorJack, published a proof-of-concept on GitHub, and notified Cursor through its vulnerability-reporting channel after describing the issue as a code-execution path in the Cursor IDE and recommending stronger built-in verification, permission controls, and installation transparency for MCP workflows.

    Show sources
    Open in new tab