Back to Intelligence

Unpatched Cursor IDE Vulnerability: Mitigating Arbitrary Code Execution via Malicious Git Binaries

SA
Security Arsenal Team
July 16, 2026
6 min read

Introduction

A critical vulnerability has been disclosed in Cursor, a widely adopted AI-assisted development environment with over 7 million active users. Identified by Mindgard and reported to the vendor in December 2025 without a subsequent patch, this flaw allows attackers to achieve arbitrary code execution (ACE) simply by having a developer open a malicious repository.

This is not a complex race condition or an obscure logic bug; it is a fundamental failure to validate execution paths. When a user loads a project, Cursor searches for git binaries. If a malicious actor plants a git.exe in the root of the repository, Cursor executes it automatically—without prompts, warnings, or user interaction—on a recurring cadence. Given the vendor's apparent inaction, defenders must implement immediate compensating controls to prevent supply chain compromises via this vector.

Technical Analysis

Affected Products & Platforms:

  • Product: Cursor IDE (Windows versions)
  • Platform: Windows (Primary focus of the PoC; macOS/Linux potentially susceptible depending on binary path resolution)

Vulnerability Details:

  • Vulnerability Type: Untrusted Search Path / Relative Path Execution
  • CWE ID: CWE-426 (Untrusted Search Path)
  • Attack Vector: Local (via cloned repository)
  • Impact: Arbitrary Code Execution, Privilege Escalation (context of the user running the IDE)

How the Attack Works:

  1. Initial Compromise: An attacker creates a public or private repository containing a malicious payload named git.exe.
  2. Victim Action: A developer, using the Cursor IDE, clones or opens this repository.
  3. Exploitation: Upon loading the workspace, Cursor initiates its internal version control checks. It searches for git binaries in standard locations but fails to sanitize the current working directory.
  4. Execution: Cursor discovers and executes the malicious git.exe from the project root.
  5. Persistence: The IDE repeats this check on a set cadence, ensuring the malicious code is re-executed periodically.

Exploitation Status:

  • Status: Public Disclosure / Unpatched
  • PoC: Concept demonstrated by Mindgard. No patch is currently available.

Detection & Response

Given the lack of a vendor patch, detection is your primary defense. Below are specific Sigma rules, KQL hunts, and artifacts to identify this behavior in your environment.

YAML
---
title: Potential Malicious Git Execution by Cursor IDE
id: 8c7b9d1a-2f4e-4b1c-9a5d-1e3b6c8d9f0a
status: experimental
description: Detects Cursor IDE executing git.exe from non-standard paths (e.g., project root), indicating a potential binary planting attack.
references:
  - https://mindgard.ai/blog/cursor-0day-when-full-disclosure-becomes-the-only-protection-left
author: Security Arsenal
date: 2026/07/16
tags:
  - attack.execution
  - attack.t1204
logsource:
  category: process_creation
  product: windows
detection:
  selection_parent:
    ParentImage|contains: 'Cursor.exe'
  selection_child:
    Image|endswith: '\git.exe'
  filter_legit_git:
    Image|contains:
      - '\Program Files\Git\'
      - '\Git\cmd\'
      - '\Git\bin\'
  condition: selection_parent and selection_child and not filter_legit_git
falsepositives:
  - Legitimate custom git installations in user profile (rare)
level: high
---
title: Suspicious Git.exe Execution from User Directories
id: 9d8e0a2b-3c5f-5d2e-0b6e-2f4c7d8e0a1b
status: experimental
description: Detects execution of git.exe from common user source code directories (Desktop, Documents, Downloads) which deviates from standard installation paths.
references:
  - https://mindgard.ai/blog/cursor-0day-when-full-disclosure-becomes-the-only-protection-left
author: Security Arsenal
date: 2026/07/16
tags:
  - attack.execution
  - cve
logsource:
  category: process_creation
  product: windows
detection:
  selection:
    Image|endswith: '\git.exe'
    Image|contains:
      - '\Users\'
      - '\Desktop\'
      - '\Documents\'
      - '\Downloads\'
  filter_legit:
    Image|contains:
      - '\AppData\Local\Programs\Git\'
      - '\Program Files\Git\'
  condition: selection and not filter_legit
falsepositives:
  - Developers running portable git binaries
level: medium
---
title: Repeated Execution of Binary in Project Root
id: 0a1b2c3d-4e5f-6a7b-8c9d-0e1f2a3b4c5d
status: experimental
description: Detects rapid repeated execution of the same binary from a project root directory, characteristic of the Cursor IDE cadence check.
references:
  - https://mindgard.ai/blog/cursor-0day-when-full-disclosure-becomes-the-only-protection-left
author: Security Arsenal
date: 2026/07/16
tags:
  - attack.execution
  - attack.persistence
logsource:
  category: process_creation
  product: windows
detection:
  selection:
    Image|endswith:
      - '.exe'
      - '.bat'
      - '.cmd'
    CommandLine|contains: '.git'
  timeframe: 5m
  condition: selection | count() > 3
falsepositives:
  - Heavy scripting or automated build tools
level: low
KQL — Microsoft Sentinel / Defender
// KQL Hunt for Microsoft Sentinel / Defender for Endpoint
// Hunt for git.exe executions originating from user profiles or non-standard paths,
// specifically checking for parent processes associated with dev tools.

DeviceProcessEvents
| where Timestamp > ago(7d)
| where FileName =~ "git.exe"
| where not(FolderPath has @"Program Files" or FolderPath has @"Program Files (x86)" or FolderPath has @"Windows\System32")
| project Timestamp, DeviceName, AccountName, InitiatingProcessFileName, InitiatingProcessCommandLine, FileName, FolderPath, ProcessCommandLine
| where InitiatingProcessFileName contains "Cursor" or InitiatingProcessFileName contains "cursor"
| order by Timestamp desc
VQL — Velociraptor
// Velociraptor VQL Artifact to hunt for suspicious git.exe executions
// and scan for git.exe in common project directories.

LET suspicious_files = SELECT FullPath, Mtime
FROM glob(globs="*/Users/*/Desktop/git.exe")
WHERE NOT FullPath =~ "Program Files"

SELECT * FROM foreach(row=suspicious_files, 
  query={
      SELECT FullPath, Mtime, 
             exec(cmd="powershell -command " + "(Get-FileHash -Path '" + FullPath + "').Hash") as Hash
      FROM scope()
  })
PowerShell
# Remediation Script: Scan and Block Malicious Git Binaries
# Usage: Run as Administrator. This script scans common source directories
# for git.exe and creates a firewall block rule if found outside standard paths.

$StandardPaths = @("C:\Program Files\Git", "C:\Program Files (x86)\Git")
$UserProfiles = Get-ChildItem "C:\Users" -Directory
$SuspiciousFound = $false

foreach ($Profile in $UserProfiles) {
    $SearchPaths = @(
        "$($Profile.FullName)\Desktop",
        "$($Profile.FullName)\Documents",
        "$($Profile.FullName)\Downloads",
        "$($Profile.FullName)\Source",
        "$($Profile.FullName)\repos"
    )

    foreach ($Path in $SearchPaths) {
        if (Test-Path $Path) {
            $MaliciousGit = Get-ChildItem -Path $Path -Filter "git.exe" -Recurse -ErrorAction SilentlyContinue
            foreach ($File in $MaliciousGit) {
                $IsStandard = $false
                foreach ($Std in $StandardPaths) {
                    if ($File.FullName -like "$Std*") { $IsStandard = $true }
                }
                
                if (-not $IsStandard) {
                    Write-Host "[!] Suspicious git.exe found at: $($File.FullName)" -ForegroundColor Red
                    $SuspiciousFound = $true
                    
                    # Quarantine / Delete action (Commented out for safety - enable as needed)
                    # Remove-Item -Path $File.FullName -Force
                    
                    # Block execution via Firewall Rule
                    $RuleName = "Block Malicious Git - $($File.Name)"
                    if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
                        New-NetFirewallRule -DisplayName $RuleName -Direction Outbound -Program $File.FullName -Action Block
                        Write-Host "[+] Created Firewall Block Rule for: $($File.FullName)" -ForegroundColor Yellow
                    }
                }
            }
        }
    }
}

if (-not $SuspiciousFound) {
    Write-Host "No suspicious git.exe files found in standard user directories." -ForegroundColor Green
}

Remediation

As of this publication, no official patch exists for this vulnerability. Defenders must rely on strict configuration management and network hygiene.

Immediate Workarounds:

  1. Restrict Execution Paths (WDAC/AppLocker): Implement Windows Defender Application Control (WDAC) or AppLocker policies to explicitly deny the execution of git.exe from user-writable directories (e.g., C:\Users\*\*, C:\Dev\*). Allow execution only from trusted directories like C:\Program Files\Git\.
  2. Halt Usage of Cursor for Untrusted Code: Advise development teams to pause the use of Cursor IDE when cloning or opening repositories from untrusted sources.
  3. Pre-Commit Scanning: Implement pre-commit hooks or repository scanning tools (e.g., pre-receive hooks in GitLab/GitHub) to reject commits containing git.exe or other suspicious binaries in the repository root.
  4. Network Segmentation: Ensure development workstations do not have broad unnecessary network access. If a workstation is compromised, lateral movement should be inhibited.

Vendor Advisory:

Related Resources

Security Arsenal Penetration Testing Services AlertMonitor Platform Book a SOC Assessment Vulnerability Management Intel Hub

cursor-idesupply-chain-attackwindows-securityarbitrary-code-executiondetection-rulesapplocker

Is your security operations ready?

Get a free SOC assessment or see how AlertMonitor cuts through alert noise with automated triage.