CVE-2026-63093
Anysphere, Inc. · Cursor
The Cursor code editor for Windows is vulnerable to remote code execution via an untrusted search path, allowing attackers to execute malicious code when a user interacts with a workspace.
Executive summary
A critical remote code execution vulnerability in Cursor for Windows poses an extreme risk, as it allows attackers to compromise a user's machine through workspace interaction.
Vulnerability
This vulnerability involves an untrusted search path (CWE-426). It allows an unauthenticated attacker to achieve remote code execution by placing a malicious executable file in a location where the application inadvertently executes it during workspace operations.
Business impact
With a CVSS score of 8.8, this vulnerability represents a severe threat to endpoint security. Successful exploitation allows for full system compromise, including the potential theft of source code, credentials, or sensitive developer environment data.
Remediation
Immediate Action: Apply the latest security updates provided by the vendor immediately.
Proactive Monitoring: Monitor developer endpoints for unauthorized process execution or unexpected file creation within project workspaces.
Compensating Controls: Advise users to avoid opening workspaces or repositories from untrusted or unknown sources until the environment is confirmed as secure.
Exploitation status
Public Exploit Available: Yes, a public proof-of-concept is documented via security research sources.
Analyst recommendation
The severity of this remote code execution vulnerability necessitates immediate patching across all developer machines. Organizations should treat this as a high-priority incident to prevent potential supply chain or intellectual property theft.