
Cursor AI Code Editor RCE Vulnerability Allows Automatic Execution of Malicious Code on Your Device

A remote code execution vulnerability has been identified in the Cursor AI Code Editor, allowing malicious code repositories to execute code on a user’s machine automatically upon opening. The flaw, discovered by the research team at Oasis Security, circumvents standard user consent prompts by exploiting a default configuration setting in the editor.

The vulnerability stems from Cursor shipping with its “Workspace Trust” feature disabled by default. This security feature, which is present in Visual Studio Code, is intended to prevent untrusted code from executing automatically. When this feature is off, an attacker can create a malicious code repository with a specially configured .vscode/tasks.json file. By setting the runOptions.runOn parameter to “folderOpen”, any commands within this task file will execute immediately when a developer opens the project folder in Cursor. This situation transforms a seemingly innocuous action into silent code execution within the user’s security context, without any warning or trust prompt.

The implications of this vulnerability are significant, as developer machines often contain high-privilege credentials. An attacker compromising a developer’s laptop could gain immediate access to cloud API keys, Personal Access Tokens (PATs), and active SaaS sessions. The risk extends beyond the individual machine; with an initial foothold, an attacker can pivot to connected CI/CD pipelines and cloud infrastructure. This lateral movement is particularly concerning, as it may lead to the compromise of non-human identities, such as service accounts, which typically possess extensive permissions across an organisation’s environment. A single compromised repository could trigger a widespread security incident.

Cursor users operating under the default configuration are directly affected, while standard Visual Studio Code users with Workspace Trust enabled face a lower risk. In response to this disclosure, Cursor has advised users to manually enable Workspace Trust and has promised updated security guidance soon. Oasis Security has also provided immediate recommendations for development teams, including enabling Workspace Trust, requiring a startup prompt, and setting the task.allowAutomaticTasks preference to “off”. Users are further advised to open unknown repositories in secure, isolated environments, such as disposable containers or virtual machines, to mitigate potential execution risks.

Categories: Vulnerability, Security Risk, Development Tools 

Tags: Cursor AI, Code Editor, Remote Code Execution, Vulnerability, Workspace Trust, Malicious Code, Security Risk, Developer Machines, Task Execution, Security Guidance 
