Cursor AI Code Editor RCE Vulnerability Enables “Autorun” of Malicious Code on Your Machine


A remote code execution vulnerability has been discovered in the Cursor AI Code Editor, enabling a malicious code repository to automatically run code on a user’s machine as soon as it is opened.

The research team at Oasis Security uncovered the flaw, which bypasses typical user consent prompts by exploiting a default configuration setting in the popular editor.

According to Oasis Security, the core of the vulnerability lies in Cursor shipping with its “Workspace Trust” feature disabled by default. This security setting, present in VS Code, is designed to prevent untrusted code from executing automatically.


With this feature off, an attacker can craft a malicious code repository containing a specially configured .vscode/tasks.json file. By setting the runOptions.runOn parameter to “folderOpen”, any commands within this task file will execute the moment a developer opens the project folder in Cursor.

Cursor AI Code Editor RCE Vulnerability

This transforms a seemingly harmless action into silent code execution within the user’s security context, without any warning or prompt for trust. An attacker can leverage this to steal sensitive information, modify local files, or establish a connection to a command-and-control server.

This vulnerability poses a significant risk because developer machines are often treasure troves of high-privilege credentials. Compromising a developer’s laptop can give an attacker immediate access to cloud API keys, Personal Access Tokens (PATs), and active SaaS sessions.

The danger extends beyond the individual machine; with an initial foothold, an attacker can pivot to connected CI/CD pipelines and cloud infrastructure.

This lateral movement is especially concerning as it can lead to the compromise of non-human identities, such as service accounts, which often possess broad and powerful permissions across an organization’s environment. A single booby-trapped repository could initiate a widespread security incident.

Cursor users running the default configuration are directly affected by this vulnerability. In contrast, standard Visual Studio Code users with Workspace Trust enabled are at a lower risk, as the feature blocks automatic task execution until the user explicitly grants trust to the project folder.

In response to the disclosure, Cursor has stated that users can manually enable Workspace Trust and that updated security guidance will be published soon.

Oasis Security has provided immediate hardening recommendations for development teams. Users should enable Workspace Trust in Cursor, require the startup prompt, and consider setting the task.allowAutomaticTasks preference to “off”.

It is also advised to open all unknown repositories in a secure, isolated environment, such as a disposable container or virtual machine, to keep any automatic execution off the developer’s own machine.


About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.