CVE-2026-63093

Anysphere, Inc. · Cursor

The Cursor code editor for Windows is vulnerable to remote code execution via an untrusted search path, allowing attackers to execute malicious code when a user interacts with a workspace.

Executive summary

A critical remote code execution vulnerability in Cursor for Windows poses an extreme risk, as it allows attackers to compromise a user's machine through workspace interaction.

Vulnerability

This vulnerability involves an untrusted search path (CWE-426). It allows an unauthenticated attacker to achieve remote code execution by placing a malicious executable file in a location where the application inadvertently executes it during workspace operations.

Business impact

With a CVSS score of 8.8, this vulnerability represents a severe threat to endpoint security. Successful exploitation allows for full system compromise, including the potential theft of source code, credentials, or sensitive developer environment data.

Remediation

Immediate Action: Apply the latest security updates provided by the vendor immediately.

Proactive Monitoring: Monitor developer endpoints for unauthorized process execution or unexpected file creation within project workspaces.

Compensating Controls: Advise users to avoid opening workspaces or repositories from untrusted or unknown sources until the environment is confirmed as secure.

Exploitation status

Public Exploit Available: Yes, a public proof-of-concept is documented via security research sources.

Analyst recommendation

The severity of this remote code execution vulnerability necessitates immediate patching across all developer machines. Organizations should treat this as a high-priority incident to prevent potential supply chain or intellectual property theft.