Cursor 0day Executes Arbitrary Code Automatically via Workspace git.exe Binaries
A critical security vulnerability in Cursor automatically executes a malicious git.exe binary placed in a repository's root without user interaction or prompts. Developers opening untrusted repositories on Windows are vulnerable to repeated arbitrary code execution.
Why it matters
With millions of developers adopting Cursor, this zero-day represents a severe supply-chain and workspace security risk on Windows systems since simply opening a project triggers the payload.
TL;DR
- 01Cursor automatically executes git.exe in the repository root upon opening a project.
- 02The vulnerability leads to repeated arbitrary code execution without user interaction.
- 03Enterprise mitigations include path-based AppLocker policies, while consumers should use sandbox environments.
Key facts
- Identified Date
- December 15, 2025
- Target OS
- Windows
- Vulnerability Type
- Uncontrolled Search Path Element (Arbitrary Code Execution)
The Attack Vector
The vulnerability stems from Cursor's path resolution routine on Windows environments. When a workspace is loaded, Cursor searches for Git executables in several paths, including the repository root. If a binary named git.exe exists in the workspace root, the IDE launches it automatically without prompting for confirmation.
Continuous Execution Loop
In testing, Mindgard demonstrated that simply renaming the Windows Calculator app to git.exe in a project root caused multiple instances of Calculator to launch over time. Cursor repeatedly executes the binary on a cadence to run commands like git rev-parse --show-toplevel.
Practical Mitigations
Until a formal patch is released, Windows developers must protect themselves manually: 1. AppLocker Policies: Enterprise administrators can deploy path-based deny rules to block execution of binaries in developer workspaces, such as %USERPROFILE%\\source\\repos\\*\\filename.exe. Do not rely on file hash blocklists, as payloads can easily vary. 2. Use Sandboxes: Open all third-party or untrusted repositories inside an isolated Virtual Machine, Windows Sandbox, or a containerized environment.