CyberSecurityBoardThreat Intel · CVEs · Products
Critical CVEs

CVE-2026-26268: Cursor Git Hook Injection

July 1, 2026

CVE-2026-26268 is a vulnerability in Cursor that hides a booby-trapped Git hook in a repository that fires the moment the agent runs a Git command. Patched in Cursor 2.5.