CursorJack Exploits Cursor IDE Deeplinks for Remote Code Execution
What Happened — Researchers discovered a technique, dubbed CursorJack, that abuses the cursor:// protocol handler in Cursor IDE to trigger arbitrary command execution or install a malicious remote MCP server after a single user click and acceptance of an install prompt. The attack relies on maliciously crafted deeplinks and social engineering to drive execution.
Why It Matters for TPRM —
- Developer‑focused SaaS tools can become a conduit for supply‑chain compromise of code repositories and API keys.
- Successful exploitation grants attackers footholds on privileged workstations, expanding lateral movement risk across partner networks.
- The lack of visual distinction between benign and malicious deeplinks increases phishing success rates in enterprise environments.
Who Is Affected — Technology / SaaS vendors providing development environments, MSPs managing developer workstations, and any organization that integrates Cursor IDE into its software‑development lifecycle.
Recommended Actions —
- Review contracts and security questionnaires for Cursor IDE usage; verify that the vendor enforces strict protocol‑handler controls.
- Deploy endpoint protection that blocks unknown custom URL schemes or requires admin approval for cursor:// links.
- Conduct user‑awareness training focused on malicious deeplink phishing.
- Monitor for anomalous MCP server registrations and enforce network segmentation for development assets.
Technical Notes — The cursor://anysphere.cursor-deeplink/mcp/install?name=<name>&config=<base64> scheme registers with the OS; when invoked, Cursor parses the base64‑encoded configuration and may execute the command parameter or connect to a remote MCP server defined by the url parameter. No CVE has been assigned; the vendor classified the report as out‑of‑scope. The exploit requires a user click and explicit acceptance of the install dialog, making it a high‑impact, low‑complexity phishing vector. Source: https://www.proofpoint.com/us/blog/threat-insight/cursorjack-weaponizing-deeplinks-exploit-cursor-ide
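For triage of links found in mail, chat or proxy logs, the following added example (not code from Proofpoint or Cursor) decodes a deeplink of the format above without invoking the handler and reports whether it carries a command or a url entry. It assumes the decoded configuration is a JSON object; the function names and all sample values are constructed placeholders.

```python
import base64
import json
from urllib.parse import parse_qs, urlsplit

# Host and path come from the deeplink format quoted in the Technical Notes.
INSTALL_HOST = "anysphere.cursor-deeplink"
INSTALL_PATH = "/mcp/install"


def triage_deeplink(link: str) -> dict:
    """Decode a cursor:// MCP install deeplink without invoking its handler."""
    parts = urlsplit(link.strip())
    if parts.scheme.lower() != "cursor":
        return {"verdict": "not-cursor-deeplink"}
    if parts.netloc.lower() != INSTALL_HOST or parts.path.rstrip("/") != INSTALL_PATH:
        return {"verdict": "other-cursor-link"}
    query = parse_qs(parts.query, keep_blank_values=True)
    name = query.get("name", [""])[0]
    blob = query.get("config", [""])[0]
    # parse_qs turns '+' into ' '; also accept URL-safe base64 and missing padding.
    blob = blob.replace(" ", "+").replace("-", "+").replace("_", "/")
    blob += "=" * (-len(blob) % 4)
    try:
        config = json.loads(base64.b64decode(blob, validate=True))  # assumed JSON
    except ValueError:  # covers binascii.Error, bad UTF-8 and bad JSON
        return {"verdict": "undecodable-config", "name": name}
    if not isinstance(config, dict):
        return {"verdict": "undecodable-config", "name": name}
    findings = []
    if "command" in config:  # local command execution path
        findings.append("local-command")
    if "url" in config:  # remote MCP server path
        findings.append("remote-mcp-server")
    return {"verdict": "mcp-install", "name": name, "findings": findings,
            "command": config.get("command"), "url": config.get("url")}


def constructed_link(name: str, config: dict) -> str:
    """Build a constructed sample link with placeholder values for testing."""
    blob = base64.b64encode(json.dumps(config).encode()).decode()
    return f"cursor://{INSTALL_HOST}{INSTALL_PATH}?name={name}&config={blob}"


if __name__ == "__main__":
    samples = [
        constructed_link("demo-local", {"command": "placeholder-binary"}),
        constructed_link("demo-remote", {"url": "https://mcp.example.invalid/sse"}),
        "https://example.invalid/docs",
    ]
    for s in samples:
        print(triage_deeplink(s))
```

Because the display name in the link is chosen by the sender, reviewers should judge the decoded command or url value, not the name.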