PROBLEM

CursorJack abuses cursor:// links to trigger arbitrary command execution

CursorJack can exploit cursor:// links in MCP installs with executable configs to run local commands or link to a malicious server.

Updated: 4/5/2026

Implement proper security measures to prevent such abuse of MCP installations.

Did this solve your problem?

0 developers found this helpful