Follow ZDNET: Add us as a preferred source on Google.
ZDNET’s key takeaways
- A report found hackers can exploit an autorun feature in Cursor.
- The danger is “significant,” but there’s an easy fix.
- Cursor uses AI to assist with code-editing.
A new report has uncovered what it describes as “a critical security vulnerability” in Cursor, the popular AI-powered code-editing platform.
The report, published Wednesday by software company Oasis Security, found that code repositories within Cursor that contain the .vscode/tasks.json configuration can be instructed to automatically run certain functions as soon as the repositories are opened. Hackers could exploit that autorun feature via malware embedded into the code.
Also: I did 24 days of coding in 12 hours with a $20 AI tool – but there’s one big pitfall
“This has the potential to leak sensitive credentials, modify files, or serve as a vector for broader system compromise, placing Cursor users at significant risk from supply chain attacks,” Oasis wrote.
While Cursor and other AI-powered coding tools like Claude Code and Windsurf have become popular among software developers, the technology is still fraught with bugs. Replit, another AI coding assistant that debuted its newest agent earlier this week, recently deleted a user’s entire database.
The security flaw
According to Oasis’ report, the problem is rooted in the fact that Cursor’s “Workplace Trust” feature is disabled by default.
Basically, this feature is intended to be a verification step for Cursor users so that they only run code that they know and trust. Without it, the platform will automatically run code that’s in a repository, leaving the window open for bad actors to surreptitiously slip in malware that could then jeopardize a user’s system — and from there, potentially spread throughout a broader network.
Also: I asked AI to modify mission-critical code, and what happened next haunts me
Running code without the Workplace Trust feature could open “a direct path to unauthorized access with an organization-wide blast radius,” Oasis said.
In a statement to Oasis that was published in the report, Cursor said that its platform operates with Workplace Trust deactivated by default since it interferes with some of the core automated features that users routinely depend on.
“We recommend either enabling Workspace Trust or using a basic text editor when working with suspected malicious repositories,” the company said.
Also: That new Claude feature ‘may put your data at risk,’ Anthropic admits
Cursor also told Oasis that it would soon publish updated security guidelines regarding the Workspace Trust feature.
How to stay protected
The solution, then, is to simply enable the Workplace Trust feature in Cursor. To do this, add the following security prompt to settings, and then restart the program:
{
“security.workspace.trust.enabled”: true,
“security.workspace.trust.StartupPrompt”: “always”
ZDNET has reached out to Cursor for further comment.