Check Point Research has identified a critical vulnerability in the developer tool Cursor that allows attackers to modify code without the responsible development team being aware.
Cursor is one of the fastest-growing AI-powered coding tools among developers today. It combines local code editing with large language models (LLMs) integrated into the application to help teams write, debug, and explore code more efficiently.
The vulnerability was found in Cursor’s Model Context Protocol (MCP), which supports remote code execution (RCE). Once a user approves an MCP configuration, the flaw allows an attacker to secretly modify that configuration. Malicious commands can therefore run each time the project is opened, without alerting the responsible teams.
This risk in Cursor is not theoretical: it is a real-world vulnerability. In shared coding environments, the flaw can turn a trusted MCP into a hidden point of compromise. For organizations that rely on AI tools like Cursor, the consequences can be severe, including sustained unauthorized access to developers’ machines, credentials, and codebases.
When Check Point Research discovered the issue, they immediately notified Cursor’s development team on July 16, 2025. Cursor then released an update (version 1.3) on July 29. Although the release notes did not explicitly reference the vulnerability, Check Point Research’s independent tests confirm that the problem has been effectively remediated.
Risks of AI-driven development tools
As AI-driven development environments become more embedded in software workflows, Check Point Research has focused on evaluating security across these tools—particularly in collaborative settings where code, configuration files, and AI-based plugins are shared among teams and environments.
The discovery of the Cursor vulnerability highlights a critical security challenge for AI-enabled development tools. As organizations increasingly rely on integrated AI workflows, ensuring those workflows are secure and resilient is essential.
Check Point Research urges developers, security teams, and organizations to review their AI development environments, audit shared configurations, and work closely with vendors to address emerging threats. Only through proactive security measures can organizations safely harness the benefits of AI in software development.
For a detailed technical analysis of the Cursor vulnerability, see Check Point Research’s report.