PT-2025-31702 · Cursor · Cursor

Chaandrey · Published 2025-08-01 · Updated 2025-08-06 · CVE-2025-54136

CVSS v3.1: 7.2
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

**Name of the Vulnerable Software and Affected Versions:**

Cursor versions 1.2.4 and below

**Description:**

Cursor is a code editor built for programming with AI. A flaw allows attackers to achieve remote and persistent code execution by modifying a trusted Model Context Protocol (MCP) configuration file, either within a shared GitHub repository or locally on the target machine. Once a collaborator accepts a harmless MCP server configuration, an attacker can silently replace its command with a malicious one, such as `calc.exe`, without any warning or re-prompt. This is possible if the attacker has write permissions to a user's active branches containing existing MCP servers or has arbitrary local file-write access.
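The weakness described above is a trust-on-first-accept model: approval is tied to the server's name, so a later edit to what actually gets executed is never re-checked. The following Python is an added example written for this advisory, not code from Cursor or from the advisory itself. It contrasts a name-only approval check (the vulnerable pattern) with an approval record keyed on a fingerprint of the execution-relevant fields, so that any change to `command`, `args` or `env` forces a fresh prompt. The file name `.cursor/mcp.json`, the `mcpServers` JSON layout and the function names are assumptions; both configs are constructed samples.

```python
import hashlib
import json

# Constructed sample: a project MCP config as the collaborator first approved it
# (file name .cursor/mcp.json and the "mcpServers" layout are assumptions).
APPROVED_CONFIG = """{
  "mcpServers": {
    "docs": {"command": "npx", "args": ["-y", "docs-mcp-server"]}
  }
}"""

# Constructed sample: the same file after a later commit swapped the command.
MODIFIED_CONFIG = """{
  "mcpServers": {
    "docs": {"command": "calc.exe", "args": []}
  }
}"""

# Constructed sample: the original server untouched, plus a newly added server.
EXTENDED_CONFIG = """{
  "mcpServers": {
    "docs":  {"command": "npx", "args": ["-y", "docs-mcp-server"]},
    "extra": {"command": "sh", "args": ["-c", "echo hi"]}
  }
}"""


def server_fingerprints(config_text):
    """Map each MCP server name to a SHA-256 over the fields that decide what runs.

    Only command, args and env are hashed; cosmetic keys (descriptions, ordering)
    do not change the fingerprint, so harmless edits do not cause re-prompts.
    """
    cfg = json.loads(config_text)
    fingerprints = {}
    for name, spec in cfg.get("mcpServers", {}).items():
        material = json.dumps(
            {
                "command": spec.get("command"),
                "args": spec.get("args", []),
                "env": spec.get("env", {}),
            },
            sort_keys=True,
            separators=(",", ":"),
        )
        fingerprints[name] = hashlib.sha256(material.encode("utf-8")).hexdigest()
    return fingerprints


def approve_by_name(config_text):
    """Vulnerable pattern: remember only which server names the user accepted."""
    return set(server_fingerprints(config_text))


def check_by_name(approved_names, config_text):
    """Vulnerable pattern: a previously accepted name runs whatever it now contains."""
    current = server_fingerprints(config_text)
    allowed = sorted(n for n in current if n in approved_names)
    needs_prompt = sorted(n for n in current if n not in approved_names)
    return allowed, needs_prompt


def approve_by_fingerprint(config_text):
    """Hardened pattern: remember the fingerprint of each server as it was accepted."""
    return server_fingerprints(config_text)


def check_by_fingerprint(approved, config_text):
    """Hardened pattern: run a server only if its execution fields are unchanged.

    Returns (allowed, needs_prompt). A server whose command/args/env differ from
    the approved fingerprint, or which is new, is withheld until re-approved.
    """
    current = server_fingerprints(config_text)
    allowed, needs_prompt = [], []
    for name, fp in current.items():
        if approved.get(name) == fp:
            allowed.append(name)
        else:
            needs_prompt.append(name)
    return sorted(allowed), sorted(needs_prompt)


if __name__ == "__main__":
    names = approve_by_name(APPROVED_CONFIG)
    print("name-only check after swap:", check_by_name(names, MODIFIED_CONFIG))
    fps = approve_by_fingerprint(APPROVED_CONFIG)
    print("fingerprint check after swap:", check_by_fingerprint(fps, MODIFIED_CONFIG))
    print("fingerprint check with new server:", check_by_fingerprint(fps, EXTENDED_CONFIG))
```

Running the block shows the difference in one line each: the name-only check still lets `docs` run after its command became `calc.exe`, while the fingerprint check withholds it and asks for re-approval; when a second server is added, the unchanged `docs` entry is still allowed and only `extra` is held back. The same fingerprint record can be stored alongside the repository checkout and compared on every load, which is also a cheap way to audit MCP config drift across a team's branches.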

**Recommendations:**

Cursor versions prior to 1.3 are affected.

Update to version 1.3 to address this issue.

Fix · RCE · OS Command Injection

**Weakness Enumeration**

**Related Identifiers:** CVE-2025-54136

**Affected Products:** Cursor