This 'critical' Cursor Security Flaw Could Expose Your Code To Malware - How To Fix It

Shalitha Ranathunge/iStock/Getty Images Plus via Getty Images

Follow ZDNET: Add america arsenic a preferred source on Google.

ZDNET's cardinal takeaways

• A study recovered hackers tin utilization an autorun characteristic successful Cursor.
• The threat is "significant," but there's an easy fix.
• Cursor uses AI to assistance pinch code-editing.
  

A caller study has uncovered what it describes arsenic "a captious information vulnerability" successful Cursor, nan celebrated AI-powered code-editing platform.

The report, published Wednesday by package institution Oasis Security, recovered that codification repositories wrong Cursor that incorporate nan .vscode/tasks.json configuration tin beryllium instructed to automatically tally definite functions arsenic soon arsenic nan repositories are opened. Hackers could utilization that autorun characteristic via malware embedded into nan code.

Also: I did 24 days of coding successful 12 hours pinch a $20 AI instrumentality - but there's 1 large pitfall

"This has nan imaginable to leak delicate credentials, modify files, aliases service arsenic a vector for broader strategy compromise, placing Cursor users astatine important consequence from proviso concatenation attacks," Oasis wrote. 

While Cursor and different AI-powered coding devices for illustration Claude Code and Windsurf person go celebrated among package developers, nan exertion is still fraught pinch bugs. Replit, different AI coding adjunct that debuted its newest agent earlier this week, precocious deleted a user's full database.

The information flaw

According to Oasis' report, nan problem is rooted successful nan truth that Cursor's "Workplace Trust" characteristic is abnormal by default. 

Basically, this characteristic is intended to beryllium a verification measurement for Cursor users truthful that they only tally codification that they cognize and trust. Without it, nan level will automatically tally codification that's successful a repository, leaving nan model unfastened for bad actors to surreptitiously gaffe successful malware that could past jeopardize a user's strategy -- and from there, perchance dispersed passim a broader network.

Also: I asked AI to modify mission-critical code, and what happened adjacent haunts me

Running codification without nan Workplace Trust characteristic could unfastened "a nonstop way to unauthorized entree pinch an organization-wide blast radius," Oasis said. 

In a connection to Oasis that was published successful nan report, Cursor said that its level operates pinch Workplace Trust deactivated by default since it interferes pinch immoderate of nan halfway automated features that users routinely dangle on. 

"We urge either enabling Workspace Trust aliases utilizing a basal matter editor erstwhile moving pinch suspected malicious repositories," nan institution said.

Also: That caller Claude characteristic 'may put your information astatine risk,' Anthropic admits

Cursor besides told Oasis that it would soon people updated information guidelines regarding nan Workspace Trust feature. 

How to enactment protected

The solution, then, is to simply alteration nan Workplace Trust characteristic successful Cursor. To do this, adhd nan pursuing information punctual to settings, and past restart nan program:

{

"security.workspace.trust.enabled": true, 

"security.workspace.trust.StartupPrompt": "always"

ZDNET has reached retired to Cursor for further comment.