Find notable cyber news and cases, enriched with sources, timelines, and signals.

Cursor Windows repo-root git.exe code execution security flaw

Vulnerability
First reported
Last updated
Happening score
H score 9
1 unique sources, 1 articles

Summary

Hide ▲

Cursor on Windows automatically runs a repo-root git.exe when a repository is opened, creating arbitrary code execution as the logged-in user. The flaw affects cloned projects and can expose source, SSH keys, and cloud tokens. As of publication there was no patch and no public Cursor advisory.

Related Happenings

Microsoft AutoGen Studio AutoJack MCP WebSocket command execution security flaw

Vulnerability
H score33 First: 22.06.2026 20:28 Last: 22.06.2026 20:28 Sources 1

About this happening: Microsoft’s **AutoJack** chain exposed **AutoGen Studio** to **arbitrary command execution** for developers building from the main GitHub branch before the hardening commit.

Microsoft hit by cyberattack

Incident
H score68 First: 09.06.2026 18:42 Last: 09.06.2026 18:42 Sources 1

About this happening: A **Microsoft** GitHub repository removal incident in **June 2026** disrupted **continuous integration pipelines** and briefly broke **Azure/functions-action** workflows used by d...

Miasma self-replicating supply chain attack campaign targeting open-source repositories

Campaign
H score83 First: 06.06.2026 09:58 Last: 06.06.2026 09:58 Sources 1

About this happening: The **Miasma** self-replicating supply-chain campaign has reached **73 Microsoft repositories** across **Azure**, **Azure-Samples**, **Microsoft**, and **MicrosoftDocs** on **GitH...

Visual Studio Code VS Code token-theft zero-day security flaw

Vulnerability
H score44 First: 03.06.2026 09:50 Last: 03.06.2026 09:50 Sources 1

About this happening: A **Visual Studio Code (VS Code) zero-day** lets attackers steal **GitHub OAuth tokens** by abusing the editor's **sandboxed webview message-passing system**. The flaw is especial...

Latest development: 03.06.2026 15:58

Microsoft has acknowledged a Visual Studio Code vulnerability that can let an attacker use a crafted link and malicious webview message-passing to steal a victim's GitHub OAuth token via GitHub.dev, and said it is working on a fix; Microsoft also said the issue does not affect VS Code Desktop.

Rwl.angular-console (Nx Console) hit by network compromise

Incident
H score41 First: 19.05.2026 10:49 Last: 19.05.2026 10:49 Sources 1

About this happening: The **Nx Console** extension **rwl.angular-console 18.95.0** was compromised on the **VS Code Marketplace**, exposing **developers** to a **credential-stealing** payload and suppl...

Timeline

  1. 15.07.2026 13:55 1 articles · 2h ago

    Mindgard reports Cursor Windows repo-root git.exe code execution flaw

    Initial Disclosure

    Mindgard reported a Cursor on Windows flaw that runs a repository-root git.exe when a project opens, letting an attacker achieve arbitrary code execution as the logged-in user and exposing source, SSH keys, and cloud tokens.

    Show sources
  2. 15.07.2026 13:55 2 articles · 2h ago

    Mindgard publishes full technical details on the Cursor Windows git.exe flaw

    Technical Analysis Update

    Mindgard published full technical details on July 15, 2026, showing Process Monitor output where Cursor.exe spawned the repo-root binary with git rev-parse --show-toplevel; Cursor still had no patch or advisory, and no CVE had been assigned.

    Show sources