Overview
- Researchers disclosed that opening a repository in Cursor on Windows can cause Cursor to run a git.exe placed in the repo root, which then executes with the user’s privileges.
- Mindgard says it privately reported the issue to Cursor on December 15, 2025 and published full technical details after HackerOne reproduced and confirmed the report; Mindgard publicly disclosed the flaw on July 15, 2026.
- The underlying cause is a long‑standing Windows 'untrusted search path' behavior where tools probe for helper executables in the workspace before trusted system locations and thus run repo binaries without prompting.
- Vendor responses have been inconsistent: some vendors closed or down‑rated similar reports while others acknowledged the class of flaw, and as of mid‑July 2026 no broad cross‑vendor fixes had been widely deployed.
- Researchers recommend immediate mitigations such as AppLocker or Windows App Control path rules, EDR parent-aware policies, and opening untrusted repositories in disposable VMs or Windows Sandbox to protect keys and credentials.