What security issues do Cursor apps have?

Critical issues in Cursor apps

• **Prompt Injection in MCP Servers**: Malicious content in MCP tool responses can execute arbitrary commands. *(Observed: CVE-2025-54135 (CurXecute): Slack messages could trigger remote code execution.)*
• **Workspace Trust Exploitation**: Malicious .cursor/rules files execute when opening untrusted projects. *(Observed: The 'Rules File Backdoor' vulnerability affects both Cursor and Copilot.)*

High-severity issues

• **Code Suggestion Security Flaws**: AI suggests vulnerable patterns: SQL injection, hardcoded secrets, weak auth.
• **Supply Chain via Package Hallucination**: AI suggests non-existent packages that attackers could register.

Medium/low-severity issues

• **Privacy and Code Exfiltration**: Code sent to AI servers may expose proprietary logic or secrets.

Why these are the issues specific to Cursor

Cursor apps ship with a recognizable stack (supabase, firebase, postgres). The issue list above is what appears when you scan that specific combination. A Firebase-backed app would have a different top-5; a self-hosted Postgres deployment would have yet another. Context is everything.

What VAS checks in a Cursor scan

• **Secret Detection** — Scans your codebase for any API keys, tokens, or credentials that should be in environment variables.
• **Code Security** — Analyzes code patterns for common vulnerabilities like injection, XSS, and insecure dependencies.
• **Database Security** — Tests your database configuration for proper access controls and security policies.
• **Security Headers** — Verifies your deployed application has proper HTTP security headers configured.