Vulnerability in Cursor AI allowed remote takeover of developer machines

April 20, 20262 min read1 sources
Share:
Vulnerability in Cursor AI allowed remote takeover of developer machines

A critical vulnerability has been patched in Cursor, an AI-powered code editor, that could allow an attacker to gain complete remote control of a developer's computer. The multi-stage exploit, discovered by security researcher Johann Rehberger, combined AI manipulation with a sandbox escape to achieve remote code execution (RCE).

The attack could be initiated simply by a developer opening a malicious project file. An attacker would first embed hidden instructions within a seemingly harmless file, such as a README.md. When opened in the IDE, Cursor’s AI assistant would process the file’s contents. These instructions acted as an indirect prompt injection, tricking the AI into executing system commands.

Rehberger discovered that these commands could then bypass the AI's protective sandbox, allowing arbitrary code to run directly on the host machine. To complete the attack chain, the malicious code could activate Cursor’s legitimate remote tunnel feature, establishing a persistent shell and giving the attacker ongoing access to the compromised device.

The impact of such a compromise is severe. A successful attacker could steal proprietary source code, exfiltrate sensitive credentials like API keys and cloud access tokens, or use the developer’s machine as a launchpad to move laterally within a corporate network. The vulnerability highlights a significant software supply chain risk, where developer tools themselves become the vector for an attack.

Rehberger reported the vulnerability to the Cursor team on January 16, 2024. A patch was subsequently released on February 2 in version 0.20.1. All users of the Cursor IDE are advised to update to the latest version immediately to protect against this threat.

Share:

// SOURCES

// RELATED

UK regulator moves to compel tech firms to combat AI-generated deepfakes and abuse

The UK's communications regulator, Ofcom, will use the Online Safety Act to legally compel tech firms to combat AI-generated deepfakes and abuse.

7 min readMay 26

Weaponized AI: The new frontier of fraud and identity spoofing

As AI-driven fake identity fraud is projected to cause $40 billion in losses, organizations must abandon static security for adaptive, AI-enabled defe

7 min readMay 19

AI wants your bank account: Experts warn of unprecedented privacy and security risks

A hypothetical OpenAI feature to connect financial accounts to ChatGPT highlights unprecedented security and privacy risks, creating a data "honey pot

6 min readMay 18

How AI hallucinations are creating real security risks

AI hallucinations are introducing serious security risks by exploiting human trust with confident but incorrect outputs, posing a direct threat to cri

7 min readMay 18