Cursor Zero-Day: Malicious git.exe in Repo Root Executes Arbitrary Code Without User Interaction
What happened
Mindgard disclosed on July 14, 2026 the details of a critical zero-day vulnerability (CVE-2026-26268) in Cursor IDE with 7M+ users. On Windows, if a repository contains a malicious git.exe in the project root directory, Cursor automatically executes it when the project is opened — without any user interaction, clicks, or warnings.
Context and impact
The vulnerability was first reported December 15, 2025, but remained unpatched for 7+ months while Cursor shipped 197 new versions. Additionally, Mindgard disclosed two prompt-injection sandbox-escape vulnerabilities (CVE-2026-50548 and CVE-2026-50549, CVSS 9.8) enabling zero-click remote code execution. These were patched in Cursor 3.0. Reliance on external tools (git) as part of automated agentic workflows represents a systemic risk for the entire AI IDE category.
Details
- CVE-2026-26268: malicious git.exe in repo root = RCE without interaction (Windows)
- CVE-2026-50548 & -50549: CVSS 9.8, zero-click RCE via prompt injection
- Reported: December 15, 2025; unpatched for 7+ months / 197 Cursor releases
- Patched: CVE-2026-50548/49 in Cursor 3.0; CVE-2026-26268 status unclear at disclosure
- Impact: 7M+ active Cursor IDE users
- Disclosure: full disclosure after coordinated patching failed