High · CVSS 8.1 · April 28, 2026 · Novee Security

Cursor IDE Git Hook RCE

When an AI Coding Agent Turns Git Hooks Into Workstation Code Execution

Novee Security researcher Assaf Levkovich disclosed CVE-2026-26268 on April 28, 2026 — a high-severity arbitrary code execution flaw in Cursor IDE versions before 2.5. Unlike traditional Git hook vulnerabilities that require a user to manually run a Git command, this attack exploits agentic IDE behavior: the AI coding agent autonomously performs Git operations in response to a user's innocuous request, unknowingly triggering malicious hooks embedded in attacker-controlled repositories. Developers don't need to do anything suspicious. Asking the agent to explain a codebase is enough.
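A defender's pre-flight check for the mechanism described above, added here as an example and not code from Novee Security, Anysphere or Cursor: it lists the hook scripts git would actually execute in a workspace, including hooks relocated through a `core.hooksPath` override, so an untrusted clone or unpacked project can be inspected before any agent-driven git operation. The workspace layout it builds is constructed sample data, and the function names are the example's own.

```python
"""Added example (not Cursor's or Novee Security's code): audit which Git hook
scripts would fire in a workspace the user did not create themselves."""
import os
import stat
import tempfile

def configured_hooks_path(git_dir):
    """core.hooksPath from <git_dir>/config, or None; git matches names case-insensitively."""
    path = os.path.join(git_dir, "config")
    if not os.path.isfile(path):
        return None
    section = None
    with open(path, encoding="utf-8") as fh:
        for raw in fh:
            line = raw.strip()
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1].split()[0].lower()  # '[remote "origin"]' -> 'remote'
            elif section == "core" and "=" in line and line[0] not in "#;":
                key, value = (p.strip() for p in line.split("=", 1))
                if key.lower() == "hookspath":
                    return value
    return None

def active_hooks(workspace):
    """Executable, non-.sample files in the effective hooks directory: what git would run."""
    override = configured_hooks_path(os.path.join(workspace, ".git"))
    if override is None:
        hooks_dir = os.path.join(workspace, ".git", "hooks")
    else:  # a relative core.hooksPath resolves against the working tree
        hooks_dir = override if os.path.isabs(override) else os.path.join(workspace, override)
    if not os.path.isdir(hooks_dir):
        return []
    return sorted(p for p in (os.path.join(hooks_dir, n) for n in os.listdir(hooks_dir))
                  if os.path.isfile(p) and not p.endswith(".sample") and os.access(p, os.X_OK))

def build_demo_workspace(use_hooks_path=False):
    """Constructed sample: a harmless post-checkout hook in .git/hooks, or in tools/hooks via core.hooksPath."""
    ws = tempfile.mkdtemp(prefix="hook-audit-")
    hooks_dir = os.path.join(ws, "tools/hooks" if use_hooks_path else ".git/hooks")
    for d in (hooks_dir, os.path.join(ws, ".git")):
        os.makedirs(d, exist_ok=True)
    with open(os.path.join(ws, ".git", "config"), "w") as fh:
        fh.write("[core]\n\tbare = false\n" + ("\thooksPath = tools/hooks\n" if use_hooks_path else ""))
    hook = os.path.join(hooks_dir, "post-checkout")
    with open(hook, "w") as fh:
        fh.write("#!/bin/sh\necho 'constructed demo hook fired'\n")
    os.chmod(hook, os.stat(hook).st_mode | stat.S_IXUSR)
    return ws
```

Run `active_hooks(path)` against a freshly cloned or unpacked project; a non-empty result means hooks would execute on the next checkout, commit or merge the agent performs, and an unexpected `core.hooksPath` value is a reason to stop before any git command runs.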

CVE: CVE-2026-26268 · CVSS score: 8.1 · Impact: RCE · Fixed in: v2.5+

"The agent performed a Git checkout on my behalf. I only asked it to explain the project. The hook ran before I knew what happened."

— Researcher demonstration, Novee Security


Primary source: Novee Security disclosure by Assaf Levkovich, April 28, 2026. Coordinated responsible disclosure with Anysphere prior to publication. This advisory is an independent defensive guide produced by Spectreworks AI for educational purposes only and is not affiliated with Novee Security or Anysphere.