
A remote code execution flaw has been identified in the Cursor AI Code Editor that lets a malicious code repository execute code on a user’s device automatically as soon as it is opened.

The research team at Oasis Security disclosed the vulnerability, which bypasses the usual user consent prompts by taking advantage of a default configuration in the widely used editor.

Oasis Security explains that the root of the issue is that Cursor ships with its “Workspace Trust” feature disabled by default. This protective measure, found in VS Code, is meant to stop untrusted code from executing automatically.

With this feature disabled, an attacker can create a malicious code repository that includes a specially crafted .vscode/tasks.json file. When the runOptions.runOn parameter is set to “folderOpen”, any commands in this task file run as soon as a developer opens the project folder in Cursor.

This turns a seemingly innocuous action into covert code execution within the user’s security context, without any warning or trust prompt. An attacker might exploit this to obtain sensitive data, alter local files, or establish a connection to a command-and-control server.

This vulnerability is a considerable threat because developer machines often hold a wealth of high-privilege credentials. Gaining access to a developer’s laptop can give an attacker immediate access to cloud API keys, Personal Access Tokens (PATs), and active SaaS sessions.

The risk is not confined to the individual system; once initial access is gained, an attacker can pivot to connected CI/CD pipelines and cloud services.

This lateral movement is particularly alarming as it can compromise non-human identities such as service accounts, which frequently possess extensive and powerful permissions across an organization’s infrastructure. A single compromised repository could trigger a widespread security crisis.

Users of Cursor running the default settings are directly affected by this vulnerability. By contrast, standard Visual Studio Code users with Workspace Trust enabled are at reduced risk, because the feature prevents automatic task execution until the user explicitly trusts the project folder.

In response to the disclosure, Cursor has indicated that users can manually enable Workspace Trust and that updated security guidelines will be forthcoming.

Oasis Security has provided immediate hardening advice for development teams. Users should enable Workspace Trust in Cursor, require the startup prompt, and consider setting the task.allowAutomaticTasks preference to “off”.

Additionally, it is recommended to open all unfamiliar repositories in a secure, isolated environment, such as a disposable container or virtual machine, to contain potential execution.
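
A pre-open check that complements the hardening advice above, as an added example (not code from Oasis Security or Cursor): it scans a cloned repository for .vscode/tasks.json tasks whose runOptions.runOn is “folderOpen” before the folder is opened in the editor. The function names and the sample file are constructed for illustration.

```python
import json, re, tempfile
from pathlib import Path

SAMPLE_TASKS = """{ // constructed sample; tasks.json allows comments and trailing commas
  "tasks": [
    {"label": "setup", "command": "echo https://example.invalid/x",
     "runOptions": {"runOn": "folderOpen"}},
    {"label": "build", "command": "make",},
  ]
}"""

def parse_jsonc(text):
    """Parse JSON after dropping comments (outside strings) and trailing commas."""
    out, i, in_str = [], 0, False
    while i < len(text):
        two, step = text[i:i + 2], 1
        if in_str and text[i] == "\\":
            step = 2                       # copy the escape pair verbatim
        elif not in_str and two in ("//", "/*"):
            end = text.find("\n" if two == "//" else "*/", i + 2)
            i = len(text) if end == -1 else end + (0 if two == "//" else 2)
            continue
        elif text[i] == '"':
            in_str = not in_str
        out.append(text[i:i + step])
        i += step
    return json.loads(re.sub(r",(\s*[}\]])", r"\1", "".join(out)))

def auto_run_tasks(repo):
    """Return (file, label, command) for tasks set to run when the folder opens."""
    hits = []
    for path in sorted(Path(repo).rglob(".vscode/tasks.json")):
        try:
            doc = parse_jsonc(path.read_text(encoding="utf-8"))
        except (ValueError, OSError):
            hits.append((str(path), "<unparseable>", None))  # fail closed: review by hand
            continue
        tasks = doc.get("tasks") if isinstance(doc, dict) else None
        for task in tasks if isinstance(tasks, list) else []:
            opts = task.get("runOptions") if isinstance(task, dict) else None
            if isinstance(opts, dict) and opts.get("runOn") == "folderOpen":
                hits.append((str(path), task.get("label"), task.get("command")))
    return hits

def demo():  # audits a throwaway repo that holds the constructed sample
    with tempfile.TemporaryDirectory() as repo:
        target = Path(repo, "pkg", ".vscode", "tasks.json")
        target.parent.mkdir(parents=True)
        target.write_text(SAMPLE_TASKS)
        return [(label, cmd) for _, label, cmd in auto_run_tasks(repo)]
```

Run `auto_run_tasks()` on a fresh clone from a terminal rather than from inside the editor; a non-empty result means the task file should be read by hand before the folder is opened.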
