Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Cursor local SQLite secret-storage exposing credentials security flaw

Vulnerability
First reported
Last updated
Happening score
H score 25
1 unique sources, 1 articles

Summary

Hide ▲

A high-severity Cursor flaw lets installed extensions read secrets stored locally, exposing API keys and session tokens without user interaction. The weakness stems from a local SQLite database that is accessible to extensions regardless of permissions. Because the data can be exfiltrated silently, the issue puts developer accounts and downstream services at risk, and it remained unresolved as of April 28, 2026.

Related Happenings

LiteLLM pre-auth SQL injection (CVE-2026-42208)

Vulnerability
First: 29.04.2026 00:07 Last: 29.04.2026 00:07 Sources 1

About this happening: **LiteLLM**'s **CVE-2026-42208** pre-auth SQL injection is being actively exploited, putting proxy databases and stored secrets at risk. The flaw can be triggered without authenti...

Latest development: 29.04.2026 08:34

BerriAI released `1.83.7-stable` on April 19, 2026 to address `CVE-2026-42208`, a critical `SQL injection` in LiteLLM proxy API key checks, and recommended setting `disable_error_logs: true` as a workaround when immediate upgrading is not possible.

Open Happening

English-learning app user audio exposure via Gemini Files API

Data Leak
First: 08.04.2026 19:00 Last: 08.04.2026 19:00 Sources 1

About this happening: A confirmed **Gemini Files API** exposure let **user-uploaded audio files** from an **English-learning app** be retrieved, showing that exposed keys can surface private user conte...

Open Happening

ChatGPT single-prompt DNS side-channel exfiltration remote code execution flaw

Vulnerability
First: 31.03.2026 16:01 Last: 31.03.2026 16:01 Sources 1

About this happening: A **ChatGPT** vulnerability let a **single malicious prompt** covertly exfiltrate prompts, messages, uploaded files, and other sensitive content through a **DNS side channel**. Th...

Open Happening

Cursor IDE MCP deeplink code execution security flaw

Vulnerability
First: 17.03.2026 17:00 Last: 17.03.2026 17:00 Sources 1

About this happening: A **Cursor IDE** flaw in **MCP deeplinks** can let crafted installation links trigger **arbitrary commands** or install **malicious components** under some user-approval and confi...

Open Happening

SQL Server elevation-of-privilege flaw (CVE-2026-21262)

Vulnerability
First: 10.03.2026 19:49 Last: 10.03.2026 19:49 Sources 1

About this happening: **Microsoft** patched **CVE-2026-21262** in **SQL Server**, closing a publicly disclosed **elevation-of-privilege** flaw that can grant **SQLAdmin** privileges over the network. T...

Open Happening

Timeline

  1. 29.04.2026 18:00 2 articles · 28d ago

    LayerX discloses Cursor extension credential-access flaw

    Initial Disclosure

    LayerX disclosed a high-severity flaw in Cursor that lets installed extensions directly query a local SQLite database containing API keys and session tokens without user interaction or standard operating system keychain protection, enabling silent credential theft and downstream misuse of third-party services. Cursor reportedly acknowledged the notice, and the issue remained unresolved as of April 28, 2026.

    Show sources
    Open in new tab