A security vulnerability in Cursor, an AI-augmented fork of Visual Studio Code, could allow attackers to covertly run code on users’ computers when a repository is opened, researchers warn.
Cursor is built on the same framework as VS Code, but unlike VS Code, it ships with Workspace Trust disabled by default. Workspace Trust is designed to prevent potentially malicious code from running automatically as users browse or open code repositories.
Oasis Security researchers described how an attacker could insert a commit containing a hidden autorun instruction that triggers a task the moment a folder is opened, with no prompt or user consent. When a user opens a Cursor project harvested from a public repository, the malicious task can execute within the user’s session. The researchers warned that such execution could enable attackers to steal sensitive information and credentials, modify files, and pivot into cloud environments and CI/CD pipelines, including non-human identities that often carry broad permissions.
The risk is heightened by the fact that autorun is enabled by default in Cursor, which could allow a booby-trapped repository to spread from a local machine to CI/CD and cloud workloads. Oasis researchers have also published a harmless proof-of-concept .vscode/tasks.json file and offer threat-hunting guidance for enterprises.
Mitigation options include turning Workspace Trust on in Cursor; however, the Cursor developers have noted that enabling Workspace Trust disables AI features that many users rely on. If enabling Workspace Trust is not viable, researchers advise disabling all automatic task execution by setting task.allowAutomaticTasks: "off" and opening unknown repositories in a different editor or a safer environment (e.g., a disposable container or virtual machine). Users and organizations are also advised to avoid storing important passwords or API tokens in a way that makes them accessible to every app, loading them only when needed.
Anysphere, the company behind Cursor, has committed to publishing updated security guidance explaining their position on Workspace Trust and providing instructions for enabling it for users and organizations who want to adopt it. In the meantime, Oasis researchers have highlighted the potential impact and provided steps for enterprises to detect and mitigate such risks as they work to balance usability with security.