AI Tools & Products

Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution

· July 15, 2026
Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution

What happened

Cursor, the AI-powered coding assistant for Windows, has a critical security flaw. If a cloned repository includes a file named git.exe in its root folder, Cursor will execute that file automatically when the project opens. There is no prompt, no warning, and no user approval required. This means any malicious git.exe binary runs with the user’s full permissions, including access to source code, SSH keys, and cloud tokens. Cursor continues rerunning this executable as long as the project remains open.

The risk

This behavior exposes users to a severe remote code execution risk. Attackers can craft malicious repositories with a rogue git.exe that runs arbitrary code without interaction. Since the code runs with user-level privileges, it can steal credentials, manipulate files, or pivot in cloud environments. The lack of prompts or approval dialogs makes it a silent attack vector, increasing its effectiveness and reducing user awareness of the compromise.

Why it matters

For developers using AI coding tools like Cursor on Windows, this vulnerability significantly raises security risks in everyday workflows. Cloned repositories are common, especially from open source or shared projects, making supply chain and repo-based exploits easier. This flaw pressures Git and AI code assistant vendors to improve execution safeguards. Organizations should rethink workspace trust boundaries and reevaluate local environment protections when using AI coding assistants.

Who should pay attention

Windows developers relying on Cursor or similar code assistants must assess exposure. Security teams and DevOps personnel need to enforce controls around project sources and scanning for unexpected executables. Founders and IT leaders should update policies about AI tooling use and credential management. Cloud operators and infrastructure teams should assume compromised local workstations can leak secrets through these automated code runs.

What to watch next

Watch for patches or updates from Cursor that add execution confirmation or block suspicious binaries in project directories. Security advisories may start flagging cloned repos containing unexpected executables. AI assistant developers will face pressure to build stricter controls preventing silent code execution. This issue might prompt broader evaluation of trust levels in developer tools running automated processes on sensitive Windows platforms.

AI Quick Briefs Editorial Desk

Stay ahead of AI Get the most important AI news delivered to your inbox — free.