PatchSiren

Anysphere, Inc. CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Anysphere, Inc. CVE published 2026-07-17

CVE-2026-63093

CVE-2026-63093 is a remote code execution vulnerability in Cursor for Windows version 3.2.16. The vulnerability allows remote attackers to execute arbitrary code by placing a malicious git.exe file in the repository root directory. When a developer clones and opens a crafted repository, Cursor automatically resolves and executes the workspace-resident git.exe during IDE startup and on a recurring timed ca [truncated]