Philts

**Name of the Vulnerable Software and Affected Versions** Cursor versions 1.6.23 and below **Description** Cursor IDE has case-sensitive checks when protecting sensitive files, such as `/.cursor/mcp.json`. This allows attackers to modify these files through prompt injection, potentially leading to remote code execution (RCE). This is possible on case-insensitive file systems. A prompt injection can result in full RCE by modifying sensitive files. **Recommendations** Update to version 1.7 or later.