CVE-2026-63093
Received Received - Intake

Cursor for Windows Binary Planting Arbitrary Code Execution

Vulnerability report for CVE-2026-63093, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-17

Last updated on: 2026-07-17

Assigner: VulnCheck

Description

Cursor for Windows version 3.2.16 contains a binary planting vulnerability that allows remote attackers to achieve arbitrary code execution by placing a malicious git.exe file in the repository root directory. When a developer clones and opens a crafted repository, Cursor automatically resolves and executes the workspace-resident git.exe during IDE startup and on a recurring timed cadence without any user interaction, running the malicious binary under the privileges of the current user.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-17
Last Modified
2026-07-17
Generated
2026-07-17
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
cursor cursor 3.2.16

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-426 The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

Cursor for Windows version 3.2.16 has a binary planting vulnerability where attackers can place a malicious git.exe file in a repository root directory. When a developer clones and opens the repository, Cursor automatically executes this malicious file during IDE startup and at regular intervals without any user interaction, running it with the current user's privileges.

Detection Guidance

To detect this vulnerability, monitor for unexpected git.exe processes running from workspace directories. Check Cursor's logs for automatic git.exe execution during IDE startup or recurring intervals. Use Windows Event Viewer to review process creation events involving git.exe in untrusted repository paths.

Impact Analysis

This vulnerability allows remote attackers to execute arbitrary code on your system with your current user privileges. It can lead to unauthorized access, data theft, malware installation, or further compromise of your development environment without your knowledge or consent.

Compliance Impact

This vulnerability could lead to unauthorized code execution on developer systems, potentially exposing sensitive data regulated by GDPR or HIPAA. Attackers may gain access to personal or health information if the compromised system processes such data. Compliance may be impacted if the vulnerability results in data breaches or unauthorized access to regulated environments.

Mitigation Strategies

Immediately block execution of git.exe from workspace directories using AppLocker or Windows App Control policies. Avoid opening untrusted repositories in Cursor; use isolated environments like a virtual machine or Windows Sandbox. Monitor system activity for suspicious git.exe processes.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-63093. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart