A weakness in the Cursor code editor exposes developers to the risk of automatically executing tasks in a malicious repository as soon as it’s opened.
Threat actors can exploit the flaw to drop malware, hijack developer environments, or steal credentials and API tokens, without developers having to execute any commands.
Cursor is an AI-powered Integrated Development Environment (IDE) built as a fork of Visual Studio Code (VS Code), with deep integration of mainstream AI assistants such as GPT-4 and Claude for software development tasks.
It is one of the fastest-growing AI-coding tools, currently used by one million users to generate more than a billion lines of code every day.
Source of the problem
Researchers at Oasis Security, a company that provides a management and security solution for non-human identities (NHIs), found that the issue stems from Cursor disabling VS Code's Workspace Trust feature, which blocks automatic execution of tasks without developers' explicit consent.
In the default configuration, Cursor executes tasks immediately after opening a project folder. A threat actor could take advantage of this by adding a malicious .vscode/tasks.json file in a publicly shared repository.
"When a user opens such a repository from Cursor, even for simple browsing, arbitrary code can be run in their environment," the researchers at Oasis Security say.
"This has the potential to leak sensitive credentials, modify files, or serve as a vector for broader system compromise."
VS Code, however, is not impacted because it does not auto-run the file in default configurations.
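A pre-open check for the case described above, as an added example that is not from Oasis Security or Cursor: it lists the tasks in a repository's .vscode/tasks.json that set `runOptions.runOn` to `folderOpen`, the VS Code task setting for running a task when the folder is opened. The function names, the sample file, and the choice to tolerate comments and trailing commas are assumptions of this example.

```python
import json, re, sys
from pathlib import Path

_STR = r'"(?:\\.|[^"\\])*"'  # string literal, matched first so it is kept intact

def _drop(pattern, text):
    return re.sub(_STR + "|" + pattern,
                  lambda m: m.group(0) if m.group(0)[0] == '"' else " ",
                  text, flags=re.S)

def parse_jsonc(text):
    """Parse JSON with comments: strip comments, then trailing commas."""
    text = _drop(r"//[^\n]*|/\*.*?\*/", text)
    return json.loads(_drop(r",(?=\s*[}\]])", text))

def autorun_tasks(text):
    """Return (label, command) for each task set to run when the folder opens."""
    try:
        doc = parse_jsonc(text)
    except json.JSONDecodeError:
        return [("<unparseable tasks.json>", "review by hand")]
    tasks = doc.get("tasks") if isinstance(doc, dict) else None
    hits = []
    for task in tasks if isinstance(tasks, list) else []:
        opts = task.get("runOptions") if isinstance(task, dict) else None
        if isinstance(opts, dict) and opts.get("runOn") == "folderOpen":
            hits.append((task.get("label", "<unlabelled>"), task.get("command", "")))
    return hits

def scan_repo(repo):
    path = Path(repo) / ".vscode" / "tasks.json"
    if not path.is_file():
        return []
    return autorun_tasks(path.read_text(encoding="utf-8", errors="replace"))

# Constructed sample: one auto-run task with a harmless command, one ordinary task.
SAMPLE = """{
  // comments and trailing commas appear in real files
  "version": "2.0.0",
  "tasks": [
    {"label": "setup", "type": "shell", "command": "echo constructed-sample",
     "runOptions": {"runOn": "folderOpen"}},
    {"label": "build // not a comment", "type": "shell", "command": "make",},
  ],
}"""

if __name__ == "__main__":
    hits = scan_repo(sys.argv[1]) if len(sys.argv) > 1 else autorun_tasks(SAMPLE)
    for label, command in hits:
        print(f"auto-run on folder open: {label!r} -> {command!r}")
```

Run it against a freshly cloned directory from a terminal before opening that directory in the editor; a file it cannot parse is reported rather than treated as clean.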