Cursor 0day: When Full Disclosure Becomes the Only Protection Left

Open a coding folder, accidentally run a trap, and the comments are losing it

TLDR: Researchers say Cursor on Windows can automatically run a harmful file hidden in a project folder just by opening it, and they claim it still isn’t fixed after months. In the comments, people are split between outrage over the design and snark that the whole situation feels absurdly AI-era.

A security report claims that on Windows, simply opening the wrong project in Cursor can make the app run a hidden file sitting in the folder—no warning, no click, no "are you sure?" That alone is eyebrow-raising. But the real popcorn moment is the community reaction, which ranges from baffled to brutally sarcastic. One camp is stuck on the same question: why is Cursor even doing this at all? As one commenter basically put it, what kind of "black magic" decision led to hunting for a file like git.exe inside the very project you just opened?

Then came the hot takes. Some readers immediately imagined the origin story as peak AI-era chaos: a broken setup, an over-helpful fix, and somehow a mystery file in the project folder became a "feature." Others weren’t fully buying the doomsday framing, arguing that the bad file still has to get onto your computer somehow first, so this isn’t exactly a ghost attack from nowhere. That sparked the classic comments-section split: is this an outrageous own goal, or a serious but slightly overdramatic security write-up?

And yes, people also dunked on the blog post itself. A few commenters joked that the disclosure timeline felt messy, and one snarked that the post read like it had been written by a chatbot—an especially spicy accusation given Cursor’s whole AI-coded vibe. So while the article is about a dangerous bug, the comments turned it into a full-on tech soap opera: part security scare, part product roast, part "how did this ever ship" comedy hour.

Key Points

  • The article alleges that Cursor on Windows automatically executes a malicious `git.exe` placed in a repository root when a project is opened, resulting in arbitrary code execution.
  • The report says Mindgard identified and disclosed the vulnerability to Cursor on December 15, 2025.
  • According to the article, the issue remained present more than six months later and after 197 or more new Cursor versions.
  • The article recommends AppLocker or Windows App Control for managed Windows systems and isolated environments such as VMs or Windows Sandbox for consumers.
  • The article says the disclosure process involved repeated outreach, a later acknowledgment of an internal automation failure by Cursor’s CISO, and a HackerOne reopening and reproduction of the report.

Hottest takes

"the most likely candidate is a developer's git started malfunctioning and an agent 'fixed' it" — aliasxneo
"HN users are wasting time" — nubg
"Why is cursor subsequently executing anything? Like what is this black magic" — minraws
Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.