Vulnerability in Cursor AI Editor Allows PC Takeover

Vulnerability in Cursor AI editor allows covert PC takeover.

Opening a project folder in certain code editors can lead to the covert execution of malicious commands. According to SlowMist, users of Cursor AI are particularly vulnerable to this flaw.

The vulnerability affects popular development environments and tools for Vibe Coding, where programming is delegated to large language models.

The attack mechanism involves creating a project with a specific structure. If a developer opens such a folder using the standard Open Folder function, a malicious command is automatically executed on their device. The threat is relevant for both Windows and macOS.

According to experts, several users of the Cursor AI editor have already fallen victim to the campaign. The exact damage is unknown.

The founder of SlowMist, known by the pseudonym Cos, has already passed information about the incident to the platform’s security team.

At the time of writing, Cursor has not commented on the vulnerability reports.

A Web3 researcher known as DeFi Teddy recommended that users use separate devices for Vibe Coding and cryptocurrency storage.

“Never open or download projects in Cursor from unverified or suspicious sources (such as random repositories on GitHub) whose security is not confirmed,” he added.

In September, Oasis Security specialists discovered a similar vulnerability in the program. It allowed malicious code to be embedded, taking control of the workspace and stealing API tokens without any user commands.

Cursor is an IDE based on Visual Studio Code with built-in AI tools. The project is integrated with popular chatbots like ChatGPT and Claude.

The platform is popular among developers: according to media reports, about a million people use it, generating over a billion lines of code daily. In May, the company behind Cursor, Anysphere, raised $900 million at a valuation of $9 billion.

Back in July, the cybersecurity service Tracebit found a vulnerability in Google’s Gemini. It allowed the stealthy execution of malicious commands if a user viewed suspicious code with the help of a neural network.
