Cursor Vulnerability Exposes Developer API Tokens

Security researchers at LayerX disclosed a vulnerability named CursorJacking, which the published report assigns a CVSS 8.2 severity, according to reporting indexed by GBHackers Security on itsecuritynews.info. The report states that the flaw lets any installed extension in the Cursor development environment silently access a user's API keys and session tokens without requiring special permissions or explicit user interaction.

Editorial analysis - technical context: The report describes a permissions and isolation failure between the IDE host and extensions. Comparable extension ecosystems historically allow extensions broad runtime access unless the platform enforces strict capability scoping or sandboxing. Attack vectors that exploit extension privileges often exfiltrate secrets stored in memory, configuration files, or connected services.

For developers using AI-assisted IDEs, credential theft in an editor plug-in model increases the attack surface because extensions routinely request access to environment state, language servers, and networked APIs. Past high-severity extension vulnerabilities in other ecosystems have led to token leakage and supply-chain incidents that required rapid remediation and tightened permission models.

For practitioners: observers should watch for an official security advisory from Cursor or its maintainers, published mitigations or updates to extension permission controls, and indicators of compromise in developer environments. Security teams should audit installed extensions and their privileges following the disclosure.