Cursor Code Editor Remote and Persistent Code Execution Vulnerability
Vulnerability
A remote and persistent code execution vulnerability exists in the Cursor code editor in versions prior to 1.2.4. The issue arises when an attacker modifies a trusted MCP configuration file, either in a shared GitHub repository or locally on the victim's machine. After a collaborator accepts a benign MCP, the attacker can silently replace it with a malicious command, such as one that launches the calculator application, without any alerts or prompts. Exploitation is possible if the attacker has write permissions on the user's active branches that contain approved MCP servers, or if they can write arbitrary files locally.
Impact
Exploitation allows for arbitrary code execution on the affected machine.
Remediation
Users are now required to approve any modifications to existing MCP server entries, in addition to the previous requirement for new servers.
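
The check this remediation describes, as an added example (not Cursor's code): approval is bound to a hash of the whole server entry instead of its name, so any edit to an approved entry is flagged again. The `mcpServers` layout with `command` and `args` keys is assumed, the function names are hypothetical, and the sample configurations are constructed.

```python
import hashlib
import json


def fingerprint(entry: dict) -> str:
    """Hash the full server definition (command, args, env, ...), not just its name."""
    canonical = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def approve(config_text: str) -> dict:
    """Record what the user approved: server name -> fingerprint of its entry."""
    servers = json.loads(config_text).get("mcpServers", {})
    return {name: fingerprint(entry) for name, entry in servers.items()}


def needs_approval(config_text: str, approved: dict) -> dict:
    """Return {name: reason} for entries that must not start without a prompt."""
    servers = json.loads(config_text).get("mcpServers", {})
    pending = {}
    for name, entry in servers.items():
        if name not in approved:
            pending[name] = "new"        # the only case prompted before the fix
        elif fingerprint(entry) != approved[name]:
            pending[name] = "modified"   # the case the fix adds
    return pending


# Constructed sample configurations (server and package names are made up).
APPROVED_CONFIG = '{"mcpServers": {"docs": {"command": "npx", "args": ["-y", "example-docs-mcp"]}}}'
# Same entry with keys reordered: canonical JSON keeps the fingerprint stable.
REORDERED_CONFIG = '{"mcpServers": {"docs": {"args": ["-y", "example-docs-mcp"], "command": "npx"}}}'
# Same name, different command: the swap described in the advisory.
MODIFIED_CONFIG = '{"mcpServers": {"docs": {"command": "calc.exe", "args": []}}}'
# Approved entry untouched, plus one server the user has never seen.
ADDED_CONFIG = ('{"mcpServers": {"docs": {"command": "npx", "args": ["-y", "example-docs-mcp"]},'
                ' "search": {"command": "npx", "args": ["-y", "example-search-mcp"]}}}')

if __name__ == "__main__":
    approved = approve(APPROVED_CONFIG)
    for label, text in [("unchanged", APPROVED_CONFIG), ("reordered", REORDERED_CONFIG),
                        ("modified", MODIFIED_CONFIG), ("added", ADDED_CONFIG)]:
        print(f"{label:10s} -> {needs_approval(text, approved)}")
```

The same comparison can run in CI or a pre-merge hook against the repository's MCP configuration file, so a changed entry is reviewed before it reaches a collaborator's editor.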
