ZDNET’s key takeaways
- The report revealed hackers can exploit the autorun feature in Cursor.
- The danger is “significant,” but there’s an easy fix.
- Cursor uses AI to assist with code editing.
A new report has uncovered what it describes as a “critical security vulnerability” in Cursor, the popular AI-powered code editing platform.
A report published Wednesday by software firm Oasis Security found that code repositories containing a .vscode/tasks.json configuration can instruct Cursor to automatically run certain functions when the repositories are opened. Hackers could exploit this autorun feature by embedding malware in the code.
“This has the potential to leak sensitive credentials, modify files, or serve as a broader vector of system compromise, putting Cursor users at significant risk in supply chain attacks,” Oasis wrote.
While Cursor and other AI-powered coding tools like Claude Code and Windsurf have become popular among software developers, the technology is still plagued with bugs. Replit, another AI coding assistant that debuted its newest agent earlier this week, recently deleted its entire user database.
Lack of security
According to Oasis’ report, the problem stems from the fact that Cursor’s “Workspace Trust” feature is disabled by default.
Essentially, this feature is intended as a verification step for Cursor users to only run code they know and trust. Without it, the platform will automatically run code that resides in the repository, leaving a window for bad actors to sneak in malware that could then compromise the user’s system — and from there potentially spread to the wider network.
Running code without Workspace Trust enabled could open “a direct path to unauthorized access with an organization-wide blast radius,” Oasis said.
In a statement to Oasis, published in the report, Cursor said its platform operates with Workspace Trust disabled by default because it interferes with some key automated features that users regularly depend on.
“We recommend either enabling Workspace Trust or using a basic text editor when working with suspected malicious repositories,” the company said.
Cursor also told Oasis that it will soon publish updated security guidelines for the workspace trust feature.
How to stay protected
The solution, then, is simply to enable the Workspace Trust feature in Cursor. To do this, add the following security settings to your settings and then restart the program:
{
  "security.workspace.trust.enabled": true,
  "security.workspace.trust.startupPrompt": "always"
}
ZDNET has contacted Cursor for comment.
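A pre-open check that complements the setting above, as an added example rather than code from ZDNET, Oasis or Cursor: it lists the tasks in a repository's .vscode/tasks.json that are set to run on folder open, so they can be reviewed before the repository is opened in Cursor. It assumes Cursor honours the VS Code tasks schema field runOptions.runOn with the value folderOpen, which the article does not name; the function names and SAMPLE are constructed for illustration.

```python
import json
import re
from pathlib import Path

_STR = r'"(?:\\.|[^"\\])*"'  # a JSON string literal, escapes included

def _drop(pattern, text):
    # Delete matches of `pattern`, but leave string literals untouched.
    keep = lambda m: m.group(0) if m.group(0).startswith('"') else ""
    return re.sub(_STR + "|" + pattern, keep, text, flags=re.S)

def parse_jsonc(text):
    # tasks.json is JSON with comments and trailing commas; strip both first.
    text = _drop(r"//[^\n]*|/\*.*?\*/", text)
    return json.loads(_drop(r",(?=\s*[}\]])", text))

def autorun_tasks(repo):
    """List tasks in <repo>/.vscode/tasks.json that run when the folder opens."""
    path = Path(repo) / ".vscode" / "tasks.json"
    if not path.is_file():
        return []
    try:
        doc = parse_jsonc(path.read_text(encoding="utf-8"))
    except ValueError:  # bad JSON or bad UTF-8: flag it rather than pass it
        return [{"label": "<unparseable tasks.json, review by hand>", "command": None}]
    tasks = doc.get("tasks") if isinstance(doc, dict) else None
    hits = []
    for task in (tasks if isinstance(tasks, list) else []):
        opts = task.get("runOptions") if isinstance(task, dict) else None
        # Assumption: "runOn": "folderOpen" is the VS Code schema's auto-run switch.
        if isinstance(opts, dict) and opts.get("runOn") == "folderOpen":
            hits.append({"label": task.get("label"), "command": task.get("command")})
    return hits

# Constructed sample, not taken from the Oasis report.
SAMPLE = """{
  // build helpers
  "version": "2.0.0",
  "tasks": [
    {"label": "build", "type": "shell", "command": "make"},
    {"label": "prep", "type": "shell", "command": "echo constructed-sample",
     "runOptions": {"runOn": "folderOpen"},},
  ],
}"""

if __name__ == "__main__":
    import sys
    for hit in autorun_tasks(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("auto-run task:", hit)
```

Run it with the path to a freshly cloned repository as the only argument; an empty result means no task is marked to start on open.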