#Cursor IDE
mindgard.ai · ⭐️ 8/10 · 2026-07-14
A zero-day vulnerability in Cursor IDE allows executing arbitrary .exe files without user prompt, and remains unpatched over six months after disclosure to the vendor. This vulnerability poses a significant security risk to Cursor users, as an attacker with local access can execute malicious code silently. The vendor&\x27;s lack of response raises concerns about responsible disclosure practices and user trust. The vulnerability was first reported by Mindgard on December 15, 2025, but Cursor closed the HackerOne report as &\x27;Informative&\x27; before later reopening and confirming the issue. The exploit requires placing a malicious .exe named git.exe in the user&\x27;s code folder, leveraging Windows&\x27; current directory search order.