Уязвимость в Cursor AI может привести к скрытому запуску вредоносного кода при открытии проектов Translation: Vulnerability in Cursor AI Could Lead to Hidden Execution of Malicious Code When Opening Projects

Opening a project folder in certain code editors may trigger the hidden execution of malicious commands. According to SlowMist, users of Cursor AI are primarily vulnerable to this exploit.

This vulnerability affects popular development environments and tools for Vibe Coding, where programming tasks are delegated to large language models.

The mechanics of the attack rely on creating a project with a specific structure. If a developer accesses such a folder using the standard Open Folder function, a malicious command will automatically run on their device. This threat is relevant for both Windows and macOS systems.

Experts have reported that several users of the AI editor Cursor have already fallen victim to this campaign, although the exact damage remains unknown.

The founder of SlowMist, who goes by the pseudonym Cos, has already informed the security team of the platform about the incident.

As of the time of writing, Cursor has not commented on the reports of the vulnerability.

Web3 researcher going by the name DeFi Teddy advised users to employ separate devices for Vibe Coding and cryptocurrency storage.

«Always avoid opening projects in Cursor or downloading them from unverified or suspicious sources (like random GitHub repositories) whose security cannot be confirmed,» he added.

In September, specialists from Oasis Security discovered a similar vulnerability in a program that allowed for the injection of malicious code, taking control of the working environment and stealing API tokens without requiring any user commands.

Cursor is an IDE based on Visual Studio Code, equipped with integrated AI tools. The project is linked with popular chatbots like ChatGPT and Claude.

The platform is favored by developers, with media reports indicating around one million users generating more than a billion lines of code daily. In May, the company behind Cursor, Anysphere, raised $900 million with a valuation of $9 billion.

Recall that in July, the cybersecurity service Tracebit found a vulnerability in Google’s Gemini that enabled the covert execution of malicious commands when users viewed suspicious code through a neural network.