Full disclosure: Arbitrary code execution in Cursor

16 points by owent


czarkoff

I was expecting a joke about the AI agents executing whatever occurs to them amounting to arbitrary code execution. But as alway AI tools surpass expectations...

hoistbypetard

I don't think it's hyperbolic to suggest that their response to the report here opens the question of whether this might be a backdoor as opposed to a bug.

I guess my opinion is irrelevant here, because I wasn't going to ever use it anyway. But if I were responsible for endpoint security in a place, I'd be banning cursor rather than trying to mitigate this the way the disclosure post suggests.

mdaniel

a tale as old as time: don't put . in your $PATH/%PATH%

Gaelan

Several people on HN note that Cursor ships with VS Code's workspace trust disabled by default. So in Cursor's default configuration, the trust model doesn't allow for opening untrusted codebases anyway.

However:

  1. That's a terrifying default.
  2. If Cursor are going to allow users to enable workspace trust, they'd better made it work as described, i.e. not execute arbitrary code in restricted workspaces.