{"data":{"id":"92630076-835d-43c2-b306-e954098fe2da","title":"Critical Cursor bug could turn routine Git into RCE","summary":"A critical vulnerability in Cursor IDE (a code editor with AI capabilities) allowed attackers to execute malicious code on a developer's machine by embedding harmful Git hooks (automated scripts that run during repository operations) in a fake repository. When Cursor's AI agent autonomously performed routine Git operations like checking out code, it would unknowingly trigger and run the attacker's malicious scripts, giving the attacker control over the developer's computer.","solution":"The flaw is patched in Cursor version 2.5. According to the source, 'Sandbox escape via writing .git configuration was possible in versions prior to 2.5,' meaning the vulnerability has been fixed in version 2.5 and later.","labels":["security"],"sourceUrl":"https://www.csoonline.com/article/4164250/critical-cursor-bug-could-turn-routine-git-into-rce.html","publishedAt":"2026-04-28T13:00:00.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"critical","attackType":["prompt_injection"],"issueType":"news","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Cursor"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-04-28T13:00:00.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}