Critical Vulnerability in Cursor AI IDE Exposes Developers to Arbitrary Code Execution
Researchers from threat hunting firm Novee uncovered a high-severity vulnerability (CVE-2026-26268, CVSS 8.1) in Cursor, a popular AI-powered Integrated Development Environment (IDE). The flaw enables attackers to execute arbitrary code on a developer’s machine simply by tricking them into cloning a malicious repository.
Unlike traditional exploits, this vulnerability stems from how Cursor’s AI agent interacts with Git rather than from a bug in the IDE’s core logic. Attackers abuse Git hooks, scripts that Git runs automatically during version-control operations, by embedding a malicious pre-commit hook in a nested bare repository (a hidden folder containing version-control data). When Cursor’s AI agent performs a routine operation such as a git checkout, it unknowingly triggers the hook and executes the attacker’s code without user interaction or warnings.
The risk is amplified by AI agents’ growing autonomy. Unlike past client-side attacks requiring user action (e.g., clicking a link), this exploit leverages Cursor’s ability to automate tasks on untrusted code, making it scalable and stealthy. Since developers routinely clone public repositories, the attack surface expands as AI tools process external code without oversight.
Novee disclosed the flaw to Cursor’s developers under responsible disclosure, leading to a patch in February 2026. Details were publicly released on April 28, 2026. The incident highlights a broader security concern: AI-powered coding assistants operate in high-privilege environments, often handling sensitive data like access tokens, passwords, and proprietary code. Security teams are now urged to audit these tools, as traditional assumptions about their safety may no longer hold.
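The practical takeaway for defenders is that a cloned tree should be inspected before any automated agent is allowed to run Git operations inside it. The scanner below is an added example written for this article; it is not code from Novee, Cursor, or the Hackread report. It walks a working tree and flags directories that look like nested Git repositories (a bare repository or a vendored .git directory) and lists any active hooks they carry. The detection heuristics are assumptions chosen for the example: a directory containing HEAD, objects/ and refs/ is treated as a Git directory, and any file under its hooks/ that does not end in .sample is treated as an active hook. The sample tree is constructed in a temporary directory so the script runs offline.

```python
"""Flag nested Git repositories and their active hooks in a cloned working tree.

Added defensive example, not part of the Novee research or Cursor's code.
Heuristics (HEAD + objects/ + refs/ => Git directory; non-*.sample files under
hooks/ => active hook) are assumptions made for this example.
"""
import os
import stat
import tempfile
from dataclasses import dataclass, field
from pathlib import Path

# Files/directories whose joint presence we take as "this is a Git directory"
GIT_DIR_MARKERS = ("HEAD", "objects", "refs")


@dataclass
class Finding:
    path: str                      # location relative to the scanned root
    kind: str                      # "bare" (nested bare repo) or "dotgit" (nested .git)
    hooks: list = field(default_factory=list)       # active (non-sample) hook names
    executable: list = field(default_factory=list)  # subset with the owner-exec bit set


def looks_like_git_dir(d: Path) -> bool:
    """Heuristic: all marker entries exist directly inside the directory."""
    return all((d / m).exists() for m in GIT_DIR_MARKERS)


def active_hooks(git_dir: Path):
    """Return (hook names, executable hook names) found under git_dir/hooks."""
    hooks_dir = git_dir / "hooks"
    if not hooks_dir.is_dir():
        return [], []
    names, execs = [], []
    for f in sorted(hooks_dir.iterdir()):
        if f.is_file() and not f.name.endswith(".sample"):
            names.append(f.name)
            if f.stat().st_mode & stat.S_IXUSR:
                execs.append(f.name)
    return names, execs


def scan_for_nested_repos(root: str) -> list:
    """Walk `root`, skipping the clone's own top-level .git, and report every
    nested Git directory plus the active hooks it ships with."""
    root_p = Path(root).resolve()
    findings = []
    for dirpath, dirnames, _ in os.walk(root_p):
        d = Path(dirpath)
        if d == root_p:
            # The outer clone's own metadata is expected; only nested ones are suspect.
            if ".git" in dirnames:
                dirnames.remove(".git")
            continue
        if looks_like_git_dir(d):
            names, execs = active_hooks(d)
            findings.append(Finding(
                path=str(d.relative_to(root_p)),
                kind="dotgit" if d.name == ".git" else "bare",
                hooks=names,
                executable=execs,
            ))
            dirnames[:] = []  # no need to descend into the nested repo's internals
    findings.sort(key=lambda f: f.path)
    return findings


def build_fixture() -> str:
    """Constructed sample clone: an innocent docs/ directory, a vendored clone
    at sub/.git with no hooks, and a nested bare repository at vendor/lib that
    carries an executable pre-commit hook (placeholder body, constructed here)."""
    root = Path(tempfile.mkdtemp(prefix="scan_demo_"))

    def make_git_dir(g: Path) -> None:
        (g / "hooks").mkdir(parents=True)
        for m in ("objects", "refs"):
            (g / m).mkdir()
        (g / "HEAD").write_text("ref: refs/heads/main\n")
        (g / "hooks" / "pre-commit.sample").write_text("# sample hook, inert\n")

    make_git_dir(root / ".git")           # the outer clone's own .git (skipped)
    (root / "docs").mkdir()
    (root / "docs" / "README").write_text("hello\n")
    make_git_dir(root / "sub" / ".git")   # nested vendored clone, no active hooks
    nested = root / "vendor" / "lib"      # nested bare repository with a live hook
    make_git_dir(nested)
    hook = nested / "hooks" / "pre-commit"
    hook.write_text("#!/bin/sh\n# placeholder hook body, constructed for this example\n")
    hook.chmod(hook.stat().st_mode | stat.S_IXUSR)
    return str(root)


if __name__ == "__main__":
    for f in scan_for_nested_repos(build_fixture()):
        print(f"{f.kind:6} {f.path}: hooks={f.hooks} executable={f.executable}")
```

Run it against a fresh clone before handing the tree to an agent: a non-empty findings list with active hooks is a signal to stop and inspect, since nothing in the clone's top-level .git is under the remote's control but nested repositories are entirely attacker-authored. Independently of scanning, Git's core.hooksPath setting can point hook lookup at an empty directory for automated environments, so that no hook shipped inside a clone is ever located.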
Source: https://hackread.com/cursor-ai-ide-vulnerability-code-execution-git-hooks/
Cursor TPRM report: https://www.rankiteo.com/company/anysphereinc
{
  "id": "any1777458325",
  "linkid": "anysphereinc",
  "type": "Vulnerability",
  "date": "4/2026",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{
  "affected_entities": [
    {
      "customers_affected": "Developers using Cursor AI IDE",
      "industry": "Technology/Software Development",
      "name": "Cursor",
      "type": "Software (AI-powered IDE)"
    }
  ],
  "attack_vector": "Malicious Repository Cloning",
  "data_breach": {
    "sensitivity_of_data": "Potential exposure of sensitive data (access tokens, passwords, proprietary code)"
  },
  "date_publicly_disclosed": "2026-04-28",
  "date_resolved": "2026-02",
  "description": "Researchers from threat hunting firm Novee uncovered a high-severity vulnerability (CVE-2026-26268, CVSS 8.1) in Cursor, a popular AI-powered Integrated Development Environment (IDE). The flaw enables attackers to execute arbitrary code on a developer’s machine simply by tricking them into cloning a malicious repository. The vulnerability stems from how Cursor’s AI agent interacts with Git, exploiting Git hooks scripts that run automatically during version control tasks. Attackers embed a malicious pre-commit hook in a nested bare repository, which is triggered when Cursor’s AI performs routine operations like a git checkout, executing the attacker’s code without user interaction or warnings.",
  "impact": {
    "brand_reputation_impact": "Potential reputational damage due to security flaw in AI-powered tool",
    "operational_impact": "Arbitrary code execution on developer machines",
    "systems_affected": "Developer machines using Cursor AI IDE"
  },
  "investigation_status": "Resolved",
  "lessons_learned": "AI-powered coding assistants operate in high-privilege environments and may handle sensitive data, requiring heightened security audits. Traditional assumptions about their safety may no longer hold.",
  "post_incident_analysis": {
    "corrective_actions": "Patch released to address the vulnerability in Git hook execution",
    "root_causes": "Cursor’s AI agent interaction with Git hooks in malicious repositories"
  },
  "recommendations": "Security teams should audit AI-powered coding tools for vulnerabilities, particularly in how they interact with version control systems and external code.",
  "references": [
    {
      "source": "Novee"
    }
  ],
  "response": {
    "communication_strategy": "Responsible disclosure to Cursor’s developers, public release on April 28, 2026",
    "containment_measures": "Patch released in February 2026",
    "remediation_measures": "Vulnerability patched in Cursor AI IDE",
    "third_party_assistance": "Novee (threat hunting firm)"
  },
  "title": "Critical Vulnerability in Cursor AI IDE Exposes Developers to Arbitrary Code Execution",
  "type": "Vulnerability Exploitation",
  "vulnerability_exploited": "CVE-2026-26268 (CVSS 8.1)"
}