MCP Protocol Bug Let Attackers Execute Code in Cursor

Cursor Patched Flaw Days After Disclosure, Says Check Point Rashmi Ramesh (rashmiramesh_) • August 6, 2025

A security vulnerability in artificial intelligence-powered coding environment Cursor enabled silent remote code execution via the model context protocol, found security researchers.

See Also: Post-Quantum Cryptography - A Fundamental Pillar in the Future of Cybersecurity [ES]

Cursor integrates large language models into the coding workflow and enables users to interact with plugins and external tools through MCP, an open-source protocol introduced by Anthropic last year. MCP facilitates structured communication between agents, such as AI tools, and external data sources. Security researchers have already found multiple security flaws associated with it or its implementation (see: Serious Flaws Patched in Model Context Protocol Tools).

Researchers from cybersecurity firm Check Point team discovered that once a developer approved a configuration file for an MCP server in Cursor, any future changes to that file, including malicious ones, could be executed ...