Cursor IDE’s Auto-Run Feature Poses Significant Security Risk

A security vulnerability in the Cursor AI code editor could allow malicious repositories to automatically execute harmful code as soon as they are opened. This flaw exists because Cursor, a popular fork of Visual Studio Code, disables the Workspace Trust feature by default—a safeguard present in VS Code that prevents unauthorized automatic task execution. As a result, attackers can embed a malicious tasks.json file in a public repository, which runs immediately upon opening the project.

This auto-run capability enables threat actors to steal sensitive developer credentials, hijack environments, or deploy malware without any user interaction. Researchers from Oasis Security demonstrated the risk with a proof-of-concept that exfiltrates user data upon project load. Despite being notified, the Cursor development team has declined to enable Workspace Trust by default, saying that doing so would limit AI functionality and core user features.

Instead, Cursor advises users to manually enable Workspace Trust or use a plain text editor when dealing with untrusted repositories. Security experts recommend developers exercise caution, verify unknown projects before opening them, and avoid storing sensitive credentials in globally accessible shell profiles to mitigate potential attacks.
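One way to verify an unknown project before opening it is to scan the clone for auto-run tasks; the sketch below is an added example, not code from the article, Oasis Security or Cursor. It assumes the trigger is VS Code's `runOptions.runOn: "folderOpen"` task setting (the article does not name the key), checks only `.vscode/tasks.json` files, and uses hypothetical function names and a constructed sample.

```python
import json
import re
import tempfile
from pathlib import Path

_STRING = r'"(?:\\.|[^"\\])*"'  # a JSON string literal

def _drop_outside_strings(pattern: str, text: str) -> str:
    """Delete matches of pattern while leaving string literals untouched."""
    keep = lambda m: m.group(0) if m.group(0)[0] == '"' else ""
    return re.sub(_STRING + "|" + pattern, keep, text, flags=re.S)

def strip_jsonc(text: str) -> str:
    """tasks.json is JSON with comments: remove comments and trailing commas."""
    text = _drop_outside_strings(r"//[^\n]*|/\*.*?\*/", text)
    return _drop_outside_strings(r",(?=\s*[}\]])", text)

def autorun_tasks(repo: Path) -> list:
    """Return (file, label, command) for every task set to run on folder open."""
    findings = []
    for path in sorted(p for p in repo.rglob("tasks.json") if p.parent.name == ".vscode"):
        try:
            doc = json.loads(strip_jsonc(path.read_text(encoding="utf-8")))
        except (OSError, ValueError) as exc:
            # Fail closed: a file that cannot be parsed needs a manual look.
            findings.append((str(path), None, f"UNPARSEABLE: {exc}"))
            continue
        tasks = doc.get("tasks", []) if isinstance(doc, dict) else []
        for task in (t for t in tasks if isinstance(t, dict)):
            options = task.get("runOptions")
            if isinstance(options, dict) and options.get("runOn") == "folderOpen":
                findings.append((str(path), task.get("label"), task.get("command")))
    return findings

# Constructed sample: "setup" fires on folder open, "build" does not.
SAMPLE_TASKS = """{
  // comments and trailing commas are legal in tasks.json
  "version": "2.0.0",
  "tasks": [
    {"label": "setup", "type": "shell", "command": "echo opened", "runOptions": {"runOn": "folderOpen"}},
    {"label": "build", "type": "shell", "command": "make // all",},
  ]
}"""

def scan_sample() -> list:
    """Write SAMPLE_TASKS into a temporary repository layout and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / ".vscode").mkdir()
        (Path(tmp) / ".vscode" / "tasks.json").write_text(SAMPLE_TASKS, encoding="utf-8")
        return autorun_tasks(Path(tmp))
```

Call `autorun_tasks(Path("path/to/clone"))` on a fresh clone before opening the folder in the editor; any hit or `UNPARSEABLE` entry means the task should be read by hand first.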
