CVE-2026-26268 is a CVSS 8.1 high-severity vulnerability in the Cursor AI IDE that lets a malicious repository execute arbitrary code on a developer's machine the moment Cursor's agent performs a Git operation against it. There is no prompt injection, no user click, and no warning dialog. The agent's normal bootstrap flow is sufficient to trigger execution.

The bug is patched in Cursor 2.5. Every version prior to 2.5 is affected.

How the Mechanism Works

Cursor's agent operates with significant autonomy inside a workspace. When you open a new project, the agent indexes the codebase, summarizes structure, offers to set up the dev environment, and performs Git operations as part of that bootstrap.

The vulnerability allows a repository to ship a .git/hooks/ configuration containing arbitrary shell commands. Git hooks are scripts that Git executes at specific points in the workflow (pre-commit, post-checkout, post-merge, etc.).…
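
A pre-flight check built on the hook behavior described above, added here as an example and not taken from Cursor or the advisory: it lists the files under any `.git/hooks/` directory in a workspace that Git would actually execute (executable, and not one of the inert `*.sample` templates). The function names and the demo workspace are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a workspace for active Git hooks before any tool
# runs Git operations in it. Function names here are illustrative.

# Print every active hook under WORKSPACE, one path per line.
# Nested .git directories (vendored or embedded repositories) are included.
list_active_hooks() {
    find "$1" -type d -path '*/.git/hooks' 2>/dev/null |
    while IFS= read -r hooks_dir; do
        for f in "$hooks_dir"/*; do
            [ -f "$f" ] || continue
            # Templates created by `git init` end in .sample and never run.
            case "$f" in *.sample) continue ;; esac
            # Git skips hook files that lack the executable bit.
            if [ -x "$f" ]; then printf '%s\n' "$f"; fi
        done
    done
    return 0
}

# Return 0 when no active hooks exist, 1 otherwise (report goes to stderr).
check_workspace() {
    found=$(list_active_hooks "$1")
    if [ -n "$found" ]; then
        printf 'active Git hooks in %s:\n%s\n' "$1" "$found" >&2
        return 1
    fi
    return 0
}

# Constructed sample workspace: an inert template, a non-executable file,
# and one active hook inside a nested repository. Prints the directory.
make_demo_workspace() {
    d=$(mktemp -d)
    mkdir -p "$d/.git/hooks" "$d/vendor/lib/.git/hooks"
    printf '#!/bin/sh\n' > "$d/.git/hooks/pre-commit.sample"
    chmod +x "$d/.git/hooks/pre-commit.sample"
    printf '#!/bin/sh\n' > "$d/.git/hooks/post-merge"   # no executable bit
    printf '#!/bin/sh\necho demo\n' > "$d/vendor/lib/.git/hooks/post-checkout"
    chmod +x "$d/vendor/lib/.git/hooks/post-checkout"
    printf '%s\n' "$d"
}

# Usage: sh audit-hooks.sh /path/to/workspace
if [ "$#" -gt 0 ]; then check_workspace "$1"; fi
```

Review any file the check reports before letting an agent or IDE operate on the workspace; a non-zero exit status makes it usable as a gate in a wrapper script.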