Cursor 0day: When Full Disclosure Becomes the Only Protection Left(mindgard.ai)
404 points by Synthetic7346 19 hours ago | 191 comments
tl;dr: Cursor on Windows executes any `git.exe` found in a repository's root automatically when the project is opened, resulting in arbitrary code execution with no user interaction. Mindgard reported the flaw in December 2025, but after seven months, 197+ releases, and repeated attempts to engage Cursor and HackerOne, the vulnerability remains unpatched with no vendor communication, prompting full public disclosure. Users are advised to open untrusted repos only in sandboxes/VMs or use AppLocker rules as mitigation.
HN Discussion:
  • Exploit requires pre-existing malicious file on system, reducing real severity
  • Cursor's broader security model is broken, supporting the disclosure concerns
  • This is a serious supply chain vector given agents auto-pulling repos
  • Article appears LLM-generated and overhypes a low-quality finding
  • ~Vendor unresponsiveness is a real problem but disclosure motives seem PR-driven