Headline: Vulnerability in Cursor AI: dangerous commands can run as soon as a project is opened

Simply opening a project folder in certain code editors can trigger the execution of malicious commands. According to the security firm SlowMist, users of the Cursor AI editor are particularly exposed to this attack.

The vulnerability affects popular development environments and tools used for Vibe Coding, the practice of delegating programming tasks to large language models.

The attack relies on a project crafted with a specific structure. If a developer opens such a folder with the editor's standard Open Folder function, a command embedded in the project runs automatically on the developer's machine, with no further user action. The threat applies to both Windows and macOS.

Researchers report that several Cursor users have already fallen victim to this campaign, although the full extent of the damage remains unknown.

Cos, the founder of SlowMist, says he has already reported the issue to the platform's security team.

At the time of writing, Cursor had not commented on the reports.

Web3 researcher DeFi Teddy advised users to keep Vibe Coding and cryptocurrency storage on separate devices.

*"Never open in Cursor, or even download, projects from unverified or suspicious sources (such as random GitHub repositories) whose safety cannot be confirmed,"* he added.

In September, researchers at Oasis Security disclosed a similar flaw in the same editor that allowed malicious code to be injected, the working environment to be taken over and API tokens to be stolen, with no action required from the user.

Cursor is an IDE built on Visual Studio Code with AI tooling integrated into the editor. It connects to popular AI assistants such as ChatGPT and Claude.

The platform is widely used among developers: media reports put it at around one million users generating over a billion lines of code a day. In May, Anysphere, the company behind Cursor, raised $900 million at a $9 billion valuation.

It is also worth noting that in July, the cybersecurity firm Tracebit found a vulnerability in Google's Gemini command-line tool that allowed malicious commands to run unnoticed when users had the model inspect suspicious code.