CVE-2025-59944 · critical
Cursor sensitive-file protection bypass
Cursor 1.6.23 and earlier.
Update to Cursor 1.7 or later and review repository-controlled AI configuration before trust is granted.
CapitalGuard Observatory · Tool record
Anysphere · coding agent
Cursor combines an AI editor with codebase context, indexing, agent features, model providers, extensions, web search, and optional background or connected tools.
Public-Control Score
84
Substantial public control coverage
Measures publicly documented control coverage as of the review date. It is not a breach rate, penetration test, endorsement, or guarantee of safety.
Scored dimensions
This record is reviewed against the same five-dimension rubric used across every scored product.
Read MethodologyOfficial material provides extensive operational detail for access and scope transparency.
Official material names concrete controls and meaningful boundaries for data and retention controls.
Official material provides extensive operational detail for connector and permission controls.
Official material provides extensive operational detail for action, approval, and isolation controls.
Official material names concrete controls and meaningful boundaries for audit and administrative evidence.
Documented access points
open files and editor context
codebase indexing and embeddings
agent commands, extensions, web search, and MCP tools
Settings to verify now
Privacy Mode and codebase indexing
.cursorignore and workspace scope
Agent, extension, web, network, and MCP permissions
Linked security signals
CVE-2025-59944 · critical
Cursor 1.6.23 and earlier.
Update to Cursor 1.7 or later and review repository-controlled AI configuration before trust is granted.
CVE-2026-22708 · high
Cursor 2.2 and earlier in the affected configuration.
Update to Cursor 2.3 or later and avoid treating command-name allowlists as a complete execution boundary.
CGO-RESEARCH-2026-05 · informational
Agentic systems that combine untrusted content, private context, and action-capable tools.
Project trusted provenance, restrict capabilities before generation, and validate outputs before execution.
Linked evidence
Private file access
Cursor Private File Access: What to Check
Credential exposure
Cursor API Key Exposure: Check Before You Share
Client confidentiality
Cursor Client Data Safety for Freelancers
Prompt injection
Cursor Prompt Injection: A Practical Defense
Connector permissions
Cursor Connector Permissions: Review the Real Scope
Command execution
Cursor Command Execution: Keep Control
Unsafe generated code
Cursor Generated Code Risks: Review Before You Run
History and sharing
Cursor Chat History and Shared Links: Privacy Check
Accidental oversharing
Cursor Sensitive Data: What Not to Paste
Autonomous actions
Cursor Autonomous Actions: Approval Safety Guide