
GitHub Flaw: Repositories Can Run Code on Your PC Without Permission

Summary

– A flaw in the Cursor extension allows unauthorized code execution when a folder is opened, even without user consent.
– The vulnerability stems from an “autorun” feature that triggers commands tied to workspace events like project opening.
– Malicious repositories can exploit this to steal credentials, alter files, or install persistent malware on developer machines.
– Experts note this reflects broader supply chain risks and a trend where security is sacrificed for rapid tool adoption.
– The issue highlights that developer tools are now part of the attack surface and require hardening like production infrastructure.

A significant security vulnerability has been identified within the Cursor extension for Visual Studio Code, enabling malicious repositories to execute unauthorized code on a developer’s machine simply by opening a project folder. This flaw leverages the extension’s autorun functionality, which is designed to automate tasks tied to workspace events but can be weaponized by attackers to trigger harmful actions without user consent.

Security researchers at Oasis Security uncovered the issue, noting that threat actors can embed hidden commands within repositories. When a user opens such a repository using Cursor, these commands run automatically, bypassing any prompts for approval. This represents a dangerous shift in software supply chain threats, moving beyond traditional dependency attacks to exploit routine developer actions.

The implications are severe. Attackers could potentially steal sensitive authentication tokens, tamper with local files, or install persistent malware directly into the development environment. According to Heath Renfrow, CISO at Fenix24, the default configuration in Cursor, which disables Workspace Trust, effectively turns the simple act of opening a folder into a pathway for full system compromise.

Developer workstations often house critical assets, including cloud credentials, API keys, and continuous integration access. Unauthorized code execution could expose these resources, leading to broader organizational breaches. Randolph Barr, CISO at Cequence Security, pointed out that Cursor has already been targeted multiple times in 2025, with vulnerabilities like CurXecute and MCPoison highlighting its attractiveness to attackers.

Trey Ford of Bugcrowd likened the vulnerability to older threats such as autorun.inf on removable media, emphasizing that modern development tools must learn from past security lessons. The rapid adoption and iterative development of tools like Cursor sometimes come at the expense of robust security controls, creating opportunities for exploitation.

This discovery serves as a critical reminder that development environments are increasingly targeted attack surfaces. They require the same rigorous security measures typically applied to production systems. As coding tools become more integrated and automated, ensuring they operate safely by default is essential to protecting both individual developers and the organizations they serve.

(Source: Info Security)
