Critical Cursor AI Extension Bug Exposes Developer Tokens

Marcus Rodriguez
April 30, 2026 3 Min Read

Key Takeaways

  • A critical access-control vulnerability (CVSS 8.2) has been discovered in Cursor, an AI-powered coding environment.
  • The flaw allows malicious extensions to steal sensitive developer API keys and session tokens.
  • The issue stems from Cursor storing credentials in an unprotected local SQLite database without proper access controls.
  • As of April 28, 2026, the vulnerability remains unpatched, with the vendor stating it is the user’s responsibility to install trusted extensions.

Critical Flaw in Cursor AI Exposes Developer Credentials

A severe security vulnerability, identified as CVE-2026-XXXX (CVSS score 8.2), has been uncovered in Cursor, a popular AI-driven coding platform. This high-severity flaw could lead to the complete compromise of developer credentials, including API keys and session tokens, posing a significant risk to users.

Security researchers at LayerX discovered that the architectural design of Cursor permits any installed extension to surreptitiously access a developer’s API keys and session tokens. This unhindered access bypasses typical security safeguards, enabling a total credential compromise without triggering alerts or requiring user interaction.

Underlying Technical Details

Unlike many secure applications that leverage protected operating system keychains for storing sensitive data, Cursor stores these critical credentials in an unencrypted, local SQLite database. This database is located at ~/Library/Application Support/Cursor/User/globalStorage/state.vscdb on affected systems.

The core of the vulnerability lies in Cursor’s lack of robust access control boundaries between its extensions and this sensitive database. Consequently, any installed extension, regardless of its origin or perceived trustworthiness, can read the contents of this file. The exploit requires no special privileges, making it trivial for a rogue add-on to extract plaintext data.

The exploitation process is straightforward and requires minimal attack complexity. A realistic attack scenario unfolds as follows:

  • An attacker publishes an extension that appears legitimate, such as a custom theme or a productivity tool, to the Cursor marketplace.
  • A developer installs this seemingly innocuous extension without receiving any security warnings about potential credential access.
  • The malicious extension then silently queries the local SQLite database to retrieve stored API keys and session tokens.
  • Finally, the stolen data is exfiltrated to a remote server controlled by the attacker, all without any visible changes to the user interface or system alerts.

Potential Impact of Credential Theft

Given the widespread adoption of third-party AI services within the Cursor environment, the repercussions of this vulnerability could be substantial. Stolen credentials create a direct pathway to several critical risks:

  • Full exposure of session tokens, granting unauthorized access to backend services.
  • Compromise of linked AI accounts from providers such as OpenAI, Google, or Anthropic.
  • Significant financial losses due to attackers racking up automated usage charges on compromised API keys.
  • Unauthorized access to private data, historical chat prompts, and other sensitive code metadata.

Vendor Response and Status

LayerX initially reported this critical issue to Cursor on February 1, 2026. Cursor’s security team acknowledged the report on February 5, but indicated that extensions operate within the same local trust boundary as the user. They contended that any local application with filesystem access could potentially read this data.

As of April 28, 2026, the vulnerability remains unpatched. The vendor’s stance is that it is solely the user’s responsibility to install only trusted extensions. However, security experts strongly advocate for Cursor to implement stringent isolation boundaries between extensions and to migrate sensitive credentials to encrypted, system-level storage solutions, such as the Windows Credential Manager or macOS Keychain, to properly secure user data.

What You Should Do

  • Until a permanent fix is deployed by Cursor, developers should exercise extreme caution and meticulously audit all installed extensions.
  • Avoid downloading and installing unverified or untrusted tools from the marketplace.
  • Consider limiting the use of sensitive API keys within the Cursor environment if possible.
  • Regularly rotate API keys and monitor for any unauthorized activity on linked AI service accounts.
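
One way to carry out the extension audit recommended above, as an added example (not code from LayerX, Cursor or this article): it scans each installed extension's JavaScript for references to state.vscdb or a bundled SQLite client. The indicator list, the function names and the sample extensions are assumptions constructed for illustration.

```python
import json
import re
from pathlib import Path

# Heuristic indicators (assumptions, not an official list): the credential store
# named in the article, or a SQLite client that a theme has no reason to bundle.
INDICATORS = {
    "state-db-reference": re.compile(r"state\.vscdb"),
    "global-storage-path": re.compile(r"User[/\\]+globalStorage"),
    "sqlite-client": re.compile(r"""require\(\s*['"](?:better-)?sqlite3['"]\s*\)"""),
}


def scan_extension(ext_dir: Path) -> dict:
    """Return the extension id and, per indicator, the files that matched it."""
    try:
        manifest = json.loads((ext_dir / "package.json").read_text(encoding="utf-8"))
    except (OSError, ValueError):
        manifest = {}  # missing or malformed manifest: fall back to folder name
    ext_id = f"{manifest.get('publisher', '?')}.{manifest.get('name', ext_dir.name)}"
    hits = {}
    for path in sorted(ext_dir.rglob("*")):
        if path.suffix not in {".js", ".cjs", ".mjs"} or not path.is_file():
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for label, pattern in INDICATORS.items():
            if pattern.search(text):
                hits.setdefault(label, []).append(path.relative_to(ext_dir).as_posix())
    return {"id": ext_id, "hits": hits}


def audit(extensions_root: Path) -> list:
    """Scan every extension folder and return only those with at least one hit."""
    reports = (scan_extension(d) for d in sorted(extensions_root.iterdir()) if d.is_dir())
    return [r for r in reports if r["hits"]]


def build_sample_tree(root: Path) -> Path:
    """Constructed sample input: a benign theme and an add-on that names the DB."""
    files = {
        "acme.nice-theme/package.json": '{"publisher": "acme", "name": "nice-theme"}',
        "acme.nice-theme/extension.js": "exports.activate = () => {};",
        "example.fast-tools/package.json": '{"publisher": "example", "name": "fast-tools"}',
        "example.fast-tools/out/main.js": 'const sqlite = require("sqlite3");\n'
        'const p = home + "/Cursor/User/globalStorage/state.vscdb";',
    }
    for rel, body in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(body, encoding="utf-8")
    return root
```

Point `audit()` at the directory where Cursor unpacks extensions (commonly `~/.cursor/extensions`, an assumption to verify locally). A hit is a prompt for manual review, and minified or obfuscated code can evade string matching.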
