Cursor AI Extension Vulnerability Enables Unauthorized Credential Access via Local Storage Flaw
Summary
A high-severity vulnerability in the Cursor AI development environment allows installed extensions to directly access locally stored API keys, session tokens, and configuration data without user interaction or permission prompts. The flaw stems from Cursor's use of an unprotected SQLite database for credential storage, enabling any extension—regardless of its requested permissions—to query and exfiltrate sensitive authentication materials. Exploitation risks unauthorized access to third-party services such as OpenAI, Anthropic, or Google, leading to potential financial loss, data exposure, and service misuse. Cursor has not yet patched the issue as of April 28, 2026, and places responsibility on users to define trust boundaries.
Timeline
- 29.04.2026 18:00 · 1 article
Cursor Local Credential Storage Flaw Exposes Developer API Keys and Session Tokens to Extensions
A high-severity vulnerability in Cursor’s AI development environment allows any installed extension to access locally stored API keys, session tokens, and configuration data via an unprotected SQLite database. The flaw enables silent credential exfiltration without user interaction or permission prompts. Cursor has not issued a patch as of April 28, 2026, and assigns responsibility for trust boundaries to users.
- Cursor Extension Flaw Exposes Developer API Keys — www.infosecurity-magazine.com — 29.04.2026 18:00
Information Snippets
- The vulnerability stems from Cursor storing API keys, session tokens, and configuration data in an unprotected local SQLite database that every installed extension can read.
  First reported: 29.04.2026 18:00 (1 source, 1 article)
- Cursor Extension Flaw Exposes Developer API Keys — www.infosecurity-magazine.com — 29.04.2026 18:00
- No permission enforcement separates extensions from the credential store, so even a benign extension can retrieve sensitive data without alerts or user interaction.
  First reported: 29.04.2026 18:00 (1 source, 1 article)
- Cursor Extension Flaw Exposes Developer API Keys — www.infosecurity-magazine.com — 29.04.2026 18:00
- LayerX researchers assigned the flaw a CVSS score of 8.2 and demonstrated that a malicious extension could silently exfiltrate credentials to an external server.
  First reported: 29.04.2026 18:00 (1 source, 1 article)
- Cursor Extension Flaw Exposes Developer API Keys — www.infosecurity-magazine.com — 29.04.2026 18:00
- Cursor acknowledged the issue but indicated that defining trust boundaries is the user's responsibility; no patch is available as of April 28, 2026.
  First reported: 29.04.2026 18:00 (1 source, 1 article)
- Cursor Extension Flaw Exposes Developer API Keys — www.infosecurity-magazine.com — 29.04.2026 18:00
- Exploited credentials can grant unauthorized access to third-party services (e.g., OpenAI, Anthropic, Google), enabling financial loss, data exposure, and further attacks via API abuse.
  First reported: 29.04.2026 18:00 (1 source, 1 article)
- Cursor Extension Flaw Exposes Developer API Keys — www.infosecurity-magazine.com — 29.04.2026 18:00
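The snippets above describe the mechanism (plaintext credentials in a local SQLite file that any process running as the user can open) but do not name the database path or its schema. The following audit script is an added example written for this page; it is not LayerX's proof of concept and not Cursor's code. It walks every table of a SQLite file via sqlite_master, so it makes no assumption about the real table layout, and flags cells that look like API keys or bearer tokens. The key-prefix patterns (sk-, sk-ant-, AIza, JWT) are assumptions based on publicly documented token formats, and the sample database built by build_sample_db() is constructed for the demo with made-up values.

```python
"""Audit a SQLite state database for plaintext credentials.

Added example for this page, not the project's own code. The scanner is
schema-agnostic: it enumerates tables through sqlite_master and inspects
every text/blob cell. The demo table layout and all values below are
constructed and do not reflect Cursor's actual database.
"""
import os
import re
import sqlite3
import sys
import tempfile

# Token shapes to look for. Order matters: the Anthropic prefix also
# satisfies the generic OpenAI pattern, so the more specific one comes first.
# These prefixes are assumptions drawn from publicly documented formats.
SECRET_PATTERNS = {
    "anthropic_key": re.compile(r"\bsk-ant-[A-Za-z0-9_-]{20,}"),
    "openai_key": re.compile(r"\bsk-[A-Za-z0-9_-]{20,}"),
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_-]{35}"),
    "jwt": re.compile(r"\beyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}"),
}


def classify(text):
    """Return the label of the first secret pattern found in text, else None."""
    for label, pattern in SECRET_PATTERNS.items():
        if pattern.search(text):
            return label
    return None


def scan_sqlite(path):
    """Return (table, column, rowid, label) for every cell matching a pattern.

    The database is opened read-only so an audit never modifies or locks
    the editor's own state file. JSON blobs are searched as plain text, so
    a token nested inside a serialized object is still found.
    """
    findings = []
    con = sqlite3.connect(f"file:{path}?mode=ro", uri=True)
    try:
        tables = [r[0] for r in con.execute(
            "SELECT name FROM sqlite_master "
            "WHERE type='table' AND name NOT LIKE 'sqlite_%'")]
        for table in tables:
            cols = [r[1] for r in con.execute(f'PRAGMA table_info("{table}")')]
            for row in con.execute(f'SELECT rowid, * FROM "{table}"'):
                rowid, values = row[0], row[1:]
                for col, val in zip(cols, values):
                    if isinstance(val, bytes):
                        val = val.decode("utf-8", "replace")
                    if not isinstance(val, str):
                        continue
                    label = classify(val)
                    if label:
                        findings.append((table, col, rowid, label))
    finally:
        con.close()
    return findings


def build_sample_db(path):
    """Populate a constructed key/value store; schema and values are made up."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE IF NOT EXISTS kv_state (key TEXT PRIMARY KEY, value BLOB)")
    rows = [
        ("theme", "dark"),                                   # benign setting
        ("openai.apiKey", "sk-" + "A1b2" * 8),               # constructed, not real
        ("anthropic.apiKey", "sk-ant-" + "Z9y8" * 8),        # constructed, not real
        ("google.apiKey", "AIza" + "X" * 35),                # constructed, not real
        ("session", '{"accessToken": "eyJhbGciOiJIUzI1NiJ9'
                    '.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJlLWNvbnN0cnVjdGVk"}'),
    ]
    con.executemany("INSERT OR REPLACE INTO kv_state VALUES (?, ?)", rows)
    con.commit()
    con.close()


def demo():
    """Build the constructed database in a temp dir, scan it, return findings."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "state.db")
        build_sample_db(path)
        return scan_sqlite(path)


if __name__ == "__main__":
    # Usage: python audit.py /path/to/state.db  (no argument runs the demo)
    results = scan_sqlite(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for table, col, rowid, label in results:
        print(f"{label:15} {table}.{col} rowid={rowid}")
```

Run it against the editor's real state file to confirm whether plaintext secrets are present; a non-empty result is the condition the article describes, since any extension running as the same user can issue the same queries. The script only detects; the mitigation the page points to is moving such material out of the database into an OS keychain or short-lived tokens, and revoking any key the audit turns up.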