Cursor AI Extension Vulnerability Exposes Developer Credentials
Why it matters: Indian organizations using Cursor AI for development must immediately assess their exposure and implement mitigation strategies to prevent developer credential compromise.
A high-severity vulnerability (CVSS 8.2) in the Cursor AI coding environment allows installed extensions to access developer API keys and session tokens. This flaw, discovered by LayerX, enables total credential compromise without triggering alerts or requiring user interaction. Unlike secure applications, Cursor stored sensitive secrets in an accessible manner, facilitating unauthorized access.
Source: Cybersecurity News