HIGH
Anysphere, Inc.
CVE published 2026-07-17
CVE-2026-63093
CVE-2026-63093 is a remote code execution vulnerability in Cursor for Windows version 3.2.16. The vulnerability allows remote attackers to execute arbitrary code by placing a malicious git.exe file in the repository root directory. When a developer clones and opens a crafted repository, Cursor automatically resolves and executes the workspace-resident git.exe during IDE startup and on a recurring timed ca [truncated]