Cybersecurity research firm Mindgard has disclosed details about an zero-day vulnerability in Cursor, a popular AI-assisted code editor.
The decision to publish the details comes after seven months of attempts to coordinate a fix with Cursor’s team. Because the issue remains unpatched, researchers released the information so that developers and organizations using the software can take immediate steps to protect their systems.
The Fast Facts
- The Vulnerability: A simple file-running issue on Windows. When a developer opens a project folder in Cursor, the editor automatically looks for Git tools. If a malicious file named `git.exe` is placed in that folder, Cursor will run it automatically.
- No User Interaction Required: The malicious file runs without any pop-ups, warnings, or confirmation prompts. Simply opening the folder in the editor triggers it.
- Continuous Running: During testing, researchers found that Cursor does not just run the file once; it repeatedly attempts to run it while the project folder remains open.
- Why Public Disclosure? Mindgard first reported this issue to Cursor on December 15, 2025. After multiple follow-ups and dozens of software updates without a fix, the firm made the details public to help users secure their environments.

How the Security Issue Works
The vulnerability does not rely on complex coding or advanced hacking techniques. It is highly straightforward:
1. The Setup: An attacker places a harmful program named `git.exe` inside a shared project folder (such as a public repository on GitHub).
2. The Trigger: A developer downloads the folder and opens it using Cursor on a Windows computer.
3. The Execution: Cursor automatically detects and runs the file, granting the malicious program the same access permissions as the logged-in user.
To prove the issue safely, Mindgard renamed the standard Windows Calculator app to `git.exe` and placed it in a test project. Upon opening the project, Cursor automatically opened several calculator windows.
How to Protect Your System Right Now
Since there is no official update to fix this issue yet, developers should use the following safety measures:
For Individual Users
- Use Sandboxing: Do not open code folders from untrusted or public sources directly on your main computer. Instead, open them inside an isolated virtual machine, Windows Sandbox, or another temporary environment.
For IT Administrators & Teams
- AppLocker Policies: System administrators can set up Windows AppLocker or Windows App Control policies to block executables from running directly out of developer project folders.
- Rule Setup: Use path-based rules to prevent unauthorized programs from running within user repository folders (for example, limiting execution in directories like `%USERPROFILE%\source\repos\\filename.exe`).
Timeline of Events
- December 15, 2025: Mindgard discovers the vulnerability and reports it to Cursor’s security email.
- January 15, 2026: Following a public inquiry, Cursor’s security team acknowledges the report and invites Mindgard to their private bug reporting program.
- January 20, 2026: The bug reporting platform confirms the vulnerability details have been delivered to Cursor’s engineers.
- February – June 2026: Mindgard requests regular status updates. No detailed progress updates are received, and the editor continues to release new versions without a patch.
- July 14, 2026: Mindgard releases the technical details publicly so users can protect themselves manually.








