Critical Flaw in Cursor Puts Nearly a Million Developers at Risk
Experts at Oasis Security have reported a vulnerability in the Cursor code editor that enables arbitrary tasks to be executed upon opening a repository. The issue arises because, unlike Visual Studio Code, Cursor has the Workspace Trust feature disabled by default—a mechanism designed to block the automatic execution of tasks without explicit user consent. As a result, simply adding a .vscode/tasks.json file to a project can cause malicious code to run immediately when the folder is opened on a developer’s machine.
Cursor, a rapidly growing development environment with integrated GPT-4 and Claude, is used daily by nearly one million programmers who collectively generate over a billion lines of code. While the automatic execution of tasks enhances its utility for AI-driven workflows, it simultaneously introduces severe security risks: an attacker could implant a trojan, steal tokens and API keys, establish a connection to a command-and-control server, or leverage the compromise as an entry point for a broader supply chain attack.
To demonstrate the danger, Oasis Security researchers created a proof-of-concept tasks.json file that, when the project containing it is opened in Cursor, discreetly transmits the current user’s name. By contrast, Visual Studio Code, in its default configuration, does not execute such files automatically—making it inherently safer in this scenario.
Cursor’s developers acknowledged the flaw but declined to reinstate Workspace Trust as the default, arguing that it would restrict the functionality of the built-in AI features—the very purpose for which the product was designed. Instead, the team advised users handling unverified projects to manually enable the security setting or fall back on a conventional text editor. The company also pledged to release updated documentation with clarifications and step-by-step guidance.
For their part, security researchers recommend opening unknown repositories only in external editors, reviewing project contents prior to execution, and avoiding the storage of sensitive data globally in shell profiles. They also published configuration parameters that allow Workspace Trust to be enabled manually in Cursor, thereby reducing the risk of malicious tasks being executed automatically.