A high-severity vulnerability (CVE-2026-26268) in Cursor, an AI-powered coding environment, allows attackers to execute arbitrary code remotely on a developer’s machine by simply getting them to clone a malicious Git repository. The exploit leverages legitimate Git features—embedded bare repositories and Git hooks—triggering malicious scripts automatically without user interaction when the Cursor AI agent processes the repository, posing a significant risk to developer environments and organizational infrastructure.
https://cybersecuritynews.com/cursor-ai-coding-agent-vulnerability/

