No analysis available yet.
No remediation available yet.
Tracking
Sign in to view the affected projects.
No advisories yet.
Fri, 17 Jul 2026 16:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Anysphere
Anysphere cursor |
|
| Vendors & Products |
Anysphere
Anysphere cursor |
Fri, 17 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 17 Jul 2026 15:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Cursor for Windows version 3.2.16 contains a binary planting vulnerability that allows remote attackers to achieve arbitrary code execution by placing a malicious git.exe file in the repository root directory. When a developer clones and opens a crafted repository, Cursor automatically resolves and executes the workspace-resident git.exe during IDE startup and on a recurring timed cadence without any user interaction, running the malicious binary under the privileges of the current user. | |
| Title | Cursor for Windows 3.2.16 RCE via Malicious git.exe in Workspace | |
| Weaknesses | CWE-426 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-17T15:08:59.355Z
Reserved: 2026-07-15T15:45:44.601Z
Link: CVE-2026-63093
Updated: 2026-07-17T15:08:54.063Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-17T16:30:17Z
-
CWE-426
Untrusted Search Path