Volerion logoVolerion
Volerion logoVolerion

Cursor TCC Bypass Vulnerability on macOS

Vulnerability

A TCC (Transparency, Consent, and Control) bypass vulnerability has been identified in Cursor version 15.4.1 for macOS. The issue arises from the 'RunAsNode' fuse being enabled, which allows local attackers with unprivileged access to execute arbitrary code that inherits TCC permissions granted to Cursor by the user. This exploitation can access TCC-protected resources such as the Documents folder without triggering additional system prompts, potentially masking the attacker's intentions.

Impact

Exploitation of this vulnerability allows access to TCC-protected assets, such as files in the Documents directory, without user consent. The vulnerability could be used to manipulate or exfiltrate sensitive information, creating a privacy risk for macOS users.

Reproduction

The vulnerability can be reproduced by opening a project in Cursor, which triggers a TCC permission request. Once permission is granted, malware can exploit the TCC bypass by injecting code into Cursor that accesses TCC-protected resources, such as the Documents folder, under the guise of the application.

Added: Aug 26, 2025, 1:17 PM
Updated: Aug 26, 2025, 1:43 PM

Vulnerability Rating

Custom Algorithm
spread
7.8
impact
1.3
exploitability
4.6
remediation
0.0
relevance
0.4
threat
6.4
urgency
2.9
incentive
0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.