Skip to content

Hide Navigation Hide TOC

Cursor MCP JSON Zero-Click Configuration RCE (CVE-2025-54136) - ATR-2026-00419 (69da10d0-d7de-53c4-b0ba-bbdcd8909168)

Detects exploitation of CVE-2025-54136 in Cursor and the same-class issue surfaced by the OX Security MCP-by-design batch (2026-04-15) across Windsurf, Claude Code, Gemini CLI, and GitHub Copilot. The IDE's MCP config file (.cursor/mcp.json or equivalent) is auto-loaded on workspace open and treats the command and args fields as OS exec targets. An attacker who can modify this file via supply chain (npm package post-install, malicious .vscode/.cursor commit, repo template) achieves zero-click RCE the moment a developer opens the project. No prompt, no consent dialog.

Cluster A Galaxy A Cluster B Galaxy B Level
Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00) Attack Pattern Cursor MCP JSON Zero-Click Configuration RCE (CVE-2025-54136) - ATR-2026-00419 (69da10d0-d7de-53c4-b0ba-bbdcd8909168) Agent Threat Rules 1
Cursor MCP JSON Zero-Click Configuration RCE (CVE-2025-54136) - ATR-2026-00419 (69da10d0-d7de-53c4-b0ba-bbdcd8909168) Agent Threat Rules Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 1
Cursor MCP JSON Zero-Click Configuration RCE (CVE-2025-54136) - ATR-2026-00419 (69da10d0-d7de-53c4-b0ba-bbdcd8909168) Agent Threat Rules ML Supply Chain Compromise (d2cf31e0-a550-4fe0-8fdb-8941b3ac00d9) MITRE ATLAS Attack Pattern 1
AI Model Inference API Access (90a420d4-3f03-4800-86c0-223c4376804a) MITRE ATLAS Attack Pattern Cursor MCP JSON Zero-Click Configuration RCE (CVE-2025-54136) - ATR-2026-00419 (69da10d0-d7de-53c4-b0ba-bbdcd8909168) Agent Threat Rules 1
Cursor MCP JSON Zero-Click Configuration RCE (CVE-2025-54136) - ATR-2026-00419 (69da10d0-d7de-53c4-b0ba-bbdcd8909168) Agent Threat Rules Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 1
Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00) Attack Pattern Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7) Attack Pattern 2