This article was originally published on LucidShark Blog.

The path from "open a public repository" to "attacker runs code on your machine" used to require social engineering, a phishing link, or a compromised package. CVE-2026-26268 eliminated all of that. Published in early 2026 by Novee Security, this vulnerability in Cursor, one of the most popular AI-powered IDEs, turns a routine git checkout operation into arbitrary code execution. No malicious package. No suspicious prompt. Just an embedded bare repository with a pre-commit hook, and an AI agent that follows instructions without questioning them.

CVE-2026-26268 (HIGH): Cursor IDE AI agent executes malicious pre-commit hooks embedded in public repositories during autonomous git operations. No user interaction required beyond opening the repository.

The Attack in Three Steps

Understanding this CVE requires understanding one underappreciated fact about Git: a repository can contain another repository.…
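
A pre-flight check for the nesting described above, as an added example that is not code from the original article, Cursor, or Novee Security: it walks a checkout and reports any directory laid out like a Git repository (HEAD, objects/, refs/) other than the checkout's own .git, along with its executable, non-sample hooks. The function names and the vendor/lib.git sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

def looks_like_git_dir(path):
    # Same markers Git checks for a repository directory: HEAD, objects/, refs/.
    return (os.path.isfile(os.path.join(path, "HEAD"))
            and os.path.isdir(os.path.join(path, "objects"))
            and os.path.isdir(os.path.join(path, "refs")))

def active_hooks(git_dir):
    # Executable files in hooks/ that are not the inert *.sample templates.
    hooks_dir = os.path.join(git_dir, "hooks")
    if not os.path.isdir(hooks_dir):
        return []
    return sorted(
        name for name in os.listdir(hooks_dir)
        if not name.endswith(".sample")
        and os.path.isfile(os.path.join(hooks_dir, name))
        and os.stat(os.path.join(hooks_dir, name)).st_mode & stat.S_IXUSR)

def find_embedded_repos(worktree):
    # Report every git-dir-shaped directory except the checkout's own .git.
    own_git = os.path.abspath(os.path.join(worktree, ".git"))
    findings = []
    for root, dirs, _files in os.walk(worktree):
        if os.path.abspath(root) == own_git:
            dirs[:] = []          # skip the checkout's own metadata
        elif looks_like_git_dir(root):
            findings.append((os.path.relpath(root, worktree), active_hooks(root)))
            dirs[:] = []          # do not descend into the embedded repo
    return sorted(findings)

def build_sample_tree(base):
    # Constructed sample: a normal checkout with a bare repo under vendor/.
    for git_dir, hook in ((".git", "pre-commit.sample"),
                          (os.path.join("vendor", "lib.git"), "pre-commit")):
        for sub in ("objects", "refs", "hooks"):
            os.makedirs(os.path.join(base, git_dir, sub))
        with open(os.path.join(base, git_dir, "HEAD"), "w") as f:
            f.write("ref: refs/heads/main\n")
        hook_path = os.path.join(base, git_dir, "hooks", hook)
        with open(hook_path, "w") as f:
            f.write("#!/bin/sh\nexit 0\n")   # harmless placeholder body
        os.chmod(hook_path, 0o755)
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, hooks in find_embedded_repos(build_sample_tree(tmp)):
            print(f"embedded repository: {path}  active hooks: {hooks or 'none'}")
```

Running a check like this before an agent is allowed to issue Git commands in a freshly cloned tree gives a reviewable list of hook-bearing directories instead of relying on the agent to notice them.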