Remix.run Logo
wxw 2 hours ago

> The vulnerability was first identified by Mindgard on December 15, 2025. We reported it the same day and multiple times since. More than six months and 197+ new versions later, the issue remains present in the latest tested version of Cursor.

> The report was initially closed as Informative and out of scope. After we challenged that determination, HackerOne reopened the report, reproduced the issue, and confirmed that the details had been delivered to Cursor. And then everything stopped. Requests for updates went unanswered, additional follow-ups received no response, escalation through HackerOne produced no meaningful engagement, and direct outreach to Cursor leadership yielded the same result: no response.

Really unfortunate. I don't understand why there's such a lack of response on the Cursor side.

app13 2 hours ago | parent | next [-]

The CVE process itself is broken. HackerOne and company VDPs are inundated with new reports of varying quality thanks to the advancements (I think) in agentic AI. It's allowed for both an increase in trash-tier low quality AND legitimately high quality reports. Since the same AI's are writing both, its almost impossible to distinguish between the two at a surface level.

In response, companies just aren't responding like they used to. I spoke at a cybersecurity conference In June and the overwhelming "vibe" on the floor and in the talks was that responsible disclosure was dead or dying, and public disclosure is the way forward. The Microsoft and Nightmare Eclipse situation was oft cited.

demosthanos 38 minutes ago | parent [-]

As someone on the company response side of the HackerOne brokenness, I can confirm that this effect is real but would also note that the difficulty of distinguishing is not as severe as all that, because the companies have access to the source code which the researchers do not typically have access to.

This means that the token cost of verifying any given HackerOne report is dramatically lower than the token cost of producing a report in the first place. Automated triage systems should be possible, and realistically it's well within the capabilities of most companies to go further and actually automate the Red Team side of it and catch issues before they surface in the black box research. From what I've seen doing so should cost dramatically less in tokens than the bounty payouts do.

The problem is that security is woefully underfunded in most companies, so even an infosec organization that saw the deluge approaching from a distance may well not have had the resources to prep for it even if they knew exactly what actions they would take if they had them.

buran77 2 hours ago | parent | prev | next [-]

> I don't understand why there's such a lack of response on the Cursor side.

Too busy being acquired by SpaceX?

_AzMoo 2 hours ago | parent | prev | next [-]

It screams intentional to me.

sofixa 2 hours ago | parent | prev | next [-]

> Really unfortunate. I don't understand why there's such a lack of response on the Cursor side.

It's hard to vibe code security.

2 hours ago | parent | prev | next [-]
[deleted]
khurs 2 hours ago | parent | prev | next [-]

Perhaps its a intentional back door?

NSA/FBI puts a git.exe in GitHub for a target. Target pulls the repo and it executes the payload.

As Cursor is/was based on VS Code, does it happen in VS Code too?

oceansweep an hour ago | parent [-]

It’s a thing in VSCode as well/has been a thing or things similar to it : https://www.threatlocker.com/blog/malicious-vs-code-tasks-js... (2026)

https://www.reddit.com/r/programming/comments/zes1co/visual_... (2022)

solid_fuel 2 hours ago | parent | prev [-]

> I don't understand why there's such a lack of response on the Cursor side.

~~~To busy porting to their new rust-backed version of Bun to do anything boring like engineering, probably.~~~

EDIT:

My mistake, wrong owners. It's hard to keep these tools straight sometimes. Most of the LLM tooling and interfaces I've tried are heavy on the features but light on the engineering, and that seems to be the case here too.

manacit 2 hours ago | parent [-]

...that's Anthropic?