Cursor AI Bug Lets Hackers Auto-Run Malicious Code

A critical remote code execution flaw in the Cursor AI code editor exposes users to silent attacks triggered simply by opening a project folder. The Cursor AI bug lets hackers execute commands automatically when developers access malicious repositories, without requiring user interaction or consent.

Security researchers at Oasis Security uncovered the issue, which takes advantage of a default configuration that disables the Workspace Trust feature. Workspace Trust normally prevents automatic task execution in untrusted projects. With it turned off, attackers can embed a specially crafted `.vscode/tasks.json` file that runs code instantly using the “folderOpen” trigger. The Cursor AI bug lets hackers exploit trusted environments, enabling theft of credentials, file tampering, or remote access setup.

Cursor users are urged to enable Workspace Trust, require trust prompts, and disable automatic tasks. Opening unfamiliar repositories in isolated environments is also recommended.
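A pre-open check for the pattern described above, as an added example that is not code from Oasis Security or Cursor: it walks a cloned repository and reports every `.vscode/tasks.json` task set to run on folder open. It assumes the VS Code task schema, where the trigger is stored as `runOptions.runOn`; the function names are hypothetical.

```python
import json
import tempfile
from pathlib import Path


def find_autorun_tasks(repo_root):
    """Return (path, label, command) for each task set to run on folder open.
    A tasks.json that is not strict JSON (VS Code-style editors also accept
    comments) is reported as "<unparseable>" for manual review, not passed."""
    findings = []
    for path in Path(repo_root).rglob("tasks.json"):
        if path.parent.name != ".vscode":
            continue
        try:
            doc = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            findings.append((str(path), "<unparseable>", None))
            continue
        tasks = doc.get("tasks", []) if isinstance(doc, dict) else []
        for task in tasks if isinstance(tasks, list) else []:
            if not isinstance(task, dict):
                continue
            # Assumed schema: the trigger lives under runOptions.runOn.
            run_options = task.get("runOptions")
            run_on = run_options.get("runOn") if isinstance(run_options, dict) else None
            if run_on == "folderOpen":
                findings.append((str(path), task.get("label"), task.get("command")))
    return findings


def demo():
    """Scan a constructed repository containing one auto-run task."""
    with tempfile.TemporaryDirectory() as root:
        vscode = Path(root) / ".vscode"
        vscode.mkdir()
        sample = {  # constructed sample with a harmless command
            "version": "2.0.0",
            "tasks": [
                {"label": "build", "type": "shell", "command": "make"},
                {"label": "setup", "type": "shell", "command": "echo hello",
                 "runOptions": {"runOn": "folderOpen"}},
            ],
        }
        (vscode / "tasks.json").write_text(json.dumps(sample), encoding="utf-8")
        return [(label, cmd) for _, label, cmd in find_autorun_tasks(root)]


if __name__ == "__main__":
    print(demo())
```

Run it against a fresh clone before opening the folder in the editor; any finding, including an unparseable file, is a reason to read the task definition first.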

Read the full article at: Cursor AI Code Editor RCE Vulnerability Enables “autorun” of Malicious on your Machine
