Cursor AI coding agent flaw lets malicious repositories run code on developer machines

A Cursor vulnerability tracked as CVE-2026-26268 can let attackers run code on a developer’s machine through a malicious repository. The issue affects Cursor versions before 2.5 and has been fixed in version 2.5. The flaw matters because developers often clone public repositories as part of normal work. In this case, a malicious repository can abuse […] The post Cursor AI coding agent flaw lets malicious repositories run code on developer machines appeared first on VPN Central.