Tag
CVE-2026-63093 describes a binary planting vulnerability in Cursor for Windows version 3.2.16 that allows a remote attacker to achieve arbitrary code execution by placing a malicious `git.exe` file in a crafted repository's root, which the Cursor IDE automatically executes during startup or on a recurring cadence when a developer opens the repository, running the malicious binary under the privileges of the current user.