Modification of MCP Server Definitions Bypasses Manual Re-approval
Posted: Sun Aug 03, 2025 4:34 am
A vulnerability in Cursor AI allows an attacker to achieve remote and persistent code execution by modifying an already trusted MCP configuration file inside a shared GitHub repository or editing the file locally on the target's machine. Once a collaborator accepts a harmless MCP, the attacker can silently swap it for a malicious command (e.g., calc.exe) without triggering any warning or re-prompt
https://github.com/cursor/cursor/securi ... -g4xr-4395
https://github.com/cursor/cursor/securi ... -g4xr-4395