Cursor Windows repo-root git.exe code execution security flaw
Vulnerability
Summary
Hide ▲
Show ▼
Cursor on Windows automatically runs a repo-root git.exe when a repository is opened, creating arbitrary code execution as the logged-in user. The flaw affects cloned projects and can expose source, SSH keys, and cloud tokens. As of publication there was no patch and no public Cursor advisory.
Related Happenings
Microsoft AutoGen Studio AutoJack MCP WebSocket command execution security flaw
Vulnerability
H score33
First: 22.06.2026 20:28
Last: 22.06.2026 20:28
Sources 1
About this happening:
Microsoft’s **AutoJack** chain exposed **AutoGen Studio** to **arbitrary command execution** for developers building from the main GitHub branch before the hardening commit.
Microsoft AutoGen Studio AutoJack MCP WebSocket command execution security flaw
VulnerabilityAbout this happening: Microsoft’s **AutoJack** chain exposed **AutoGen Studio** to **arbitrary command execution** for developers building from the main GitHub branch before the hardening commit.
Microsoft hit by cyberattack
Incident
H score68
First: 09.06.2026 18:42
Last: 09.06.2026 18:42
Sources 1
About this happening:
A **Microsoft** GitHub repository removal incident in **June 2026** disrupted **continuous integration pipelines** and briefly broke **Azure/functions-action** workflows used by d...
Microsoft hit by cyberattack
IncidentAbout this happening: A **Microsoft** GitHub repository removal incident in **June 2026** disrupted **continuous integration pipelines** and briefly broke **Azure/functions-action** workflows used by d...
Miasma self-replicating supply chain attack campaign targeting open-source repositories
Campaign
H score83
First: 06.06.2026 09:58
Last: 06.06.2026 09:58
Sources 1
About this happening:
The **Miasma** self-replicating supply-chain campaign has reached **73 Microsoft repositories** across **Azure**, **Azure-Samples**, **Microsoft**, and **MicrosoftDocs** on **GitH...
Miasma self-replicating supply chain attack campaign targeting open-source repositories
CampaignAbout this happening: The **Miasma** self-replicating supply-chain campaign has reached **73 Microsoft repositories** across **Azure**, **Azure-Samples**, **Microsoft**, and **MicrosoftDocs** on **GitH...
Visual Studio Code VS Code token-theft zero-day security flaw
Vulnerability
H score44
First: 03.06.2026 09:50
Last: 03.06.2026 09:50
Sources 1
About this happening:
A **Visual Studio Code (VS Code) zero-day** lets attackers steal **GitHub OAuth tokens** by abusing the editor's **sandboxed webview message-passing system**. The flaw is especial...
Visual Studio Code VS Code token-theft zero-day security flaw
VulnerabilityAbout this happening: A **Visual Studio Code (VS Code) zero-day** lets attackers steal **GitHub OAuth tokens** by abusing the editor's **sandboxed webview message-passing system**. The flaw is especial...
Latest development: 03.06.2026 15:58
Microsoft has acknowledged a Visual Studio Code vulnerability that can let an attacker use a crafted link and malicious webview message-passing to steal a victim's GitHub OAuth token via GitHub.dev, and said it is working on a fix; Microsoft also said the issue does not affect VS Code Desktop.
Rwl.angular-console (Nx Console) hit by network compromise
Incident
H score41
First: 19.05.2026 10:49
Last: 19.05.2026 10:49
Sources 1
About this happening:
The **Nx Console** extension **rwl.angular-console 18.95.0** was compromised on the **VS Code Marketplace**, exposing **developers** to a **credential-stealing** payload and suppl...
Rwl.angular-console (Nx Console) hit by network compromise
IncidentAbout this happening: The **Nx Console** extension **rwl.angular-console 18.95.0** was compromised on the **VS Code Marketplace**, exposing **developers** to a **credential-stealing** payload and suppl...
Timeline
-
15.07.2026 13:55 1 articles · 2h ago
Mindgard reports Cursor Windows repo-root git.exe code execution flaw
Initial DisclosureMindgard reported a Cursor on Windows flaw that runs a repository-root git.exe when a project opens, letting an attacker achieve arbitrary code execution as the logged-in user and exposing source, SSH keys, and cloud tokens.
Show sources
- Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution — thehackernews.com — 15.07.2026 13:55
-
15.07.2026 13:55 1 articles · 2h ago
HackerOne confirms delivery of Mindgard's Cursor report
Untyped PhaseHackerOne confirmed delivery of Mindgard's Cursor report on January 20 after the submission had been resubmitted and reopened inside Cursor's private disclosure flow.
Show sources
- Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution — thehackernews.com — 15.07.2026 13:55
-
15.07.2026 13:55 1 articles · 2h ago
Mindgard requests an update on the Cursor Git-related report
Untyped PhaseMindgard asked Cursor for an update on its Git-related report on February 16, and the follow-up thread continued into later months without a reply.
Show sources
- Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution — thehackernews.com — 15.07.2026 13:55
-
15.07.2026 13:55 1 articles · 2h ago
Mindgard revalidates the Cursor Windows git.exe flaw on Cursor 3.2.16
Technical Analysis UpdateMindgard's latest dated confirmation on April 30, 2026 found the flaw still present in Cursor 3.2.16.
Show sources
- Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution — thehackernews.com — 15.07.2026 13:55
-
15.07.2026 13:55 2 articles · 2h ago
Mindgard publishes full technical details on the Cursor Windows git.exe flaw
Technical Analysis UpdateMindgard published full technical details on July 15, 2026, showing Process Monitor output where Cursor.exe spawned the repo-root binary with git rev-parse --show-toplevel; Cursor still had no patch or advisory, and no CVE had been assigned.
Show sources
- Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution — thehackernews.com — 15.07.2026 13:55
- Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution — thehackernews.com — 15.07.2026 13:55