Cursor Patched Flaw Days After Disclosure, Says Check Point. Check Point researchers found a RCE flaw in Cursor, an AI-powered code editor, by manipulating a previously approved model context protocol configuration. Once a developer approved a configuration file for an MCP server, any future changes to that file could be executed without further prompts.
First seen on govinfosecurity.com
Jump to article: www.govinfosecurity.com/mcp-protocol-bug-let-attackers-execute-code-in-cursor-a-29140
