Cursor CVE-2026-26268 — Autonomous AI Agents Trigger Git Hook RCE on Developer Machines
Published 2026-04-29 | Ingested 2026-05-25 | AI Engineering Practices | High
Summary
CVE-2026-26268, disclosed by Cursor in February 2026 and analyzed in detail by Novee's Assaf Levkovich, is a high-severity remote code execution vulnerability triggered when the Cursor AI agent autonomously runs `git checkout` against a repository containing a malicious bare-repo configuration with pre-commit hooks. The exploit requires no further user interaction: the moment the agent touches the compromised repository, the hook fires and runs attacker-controlled code on the developer machine.
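A pre-flight check a team could run on an untrusted checkout before pointing an agent at it, as an added example that is not code from Cursor or Novee: it walks the working tree and reports repository-shaped directories embedded in it, along with any hook files they carry. The layout heuristic (`HEAD`, `objects/`, `refs/`), the function names and the sample tree are assumptions made for illustration.

```python
import os
import tempfile

def is_bare_repo_layout(path):
    """Heuristic (assumption): HEAD + objects/ + refs/ marks a git repository dir."""
    return (os.path.isfile(os.path.join(path, "HEAD"))
            and os.path.isdir(os.path.join(path, "objects"))
            and os.path.isdir(os.path.join(path, "refs")))

def active_hooks(repo_dir):
    """Files in hooks/ other than the *.sample templates, reported regardless of exec bit."""
    hooks_dir = os.path.join(repo_dir, "hooks")
    if not os.path.isdir(hooks_dir):
        return []
    return sorted(n for n in os.listdir(hooks_dir)
                  if not n.endswith(".sample")
                  and os.path.isfile(os.path.join(hooks_dir, n)))

def find_embedded_repos(root):
    """Return sorted [(relative_path, hooks)] for repo-shaped dirs inside a working tree."""
    findings = []
    for dirpath, dirnames, _ in os.walk(root):
        if dirpath == root:
            # The checkout's own top-level .git metadata is expected; skip it.
            dirnames[:] = [d for d in dirnames if d != ".git"]
            continue
        if is_bare_repo_layout(dirpath):
            findings.append((os.path.relpath(dirpath, root), active_hooks(dirpath)))
            dirnames[:] = []  # do not descend into objects/ and refs/
    return sorted(findings)

def build_constructed_sample(root):
    """Constructed sample tree: one embedded repo with a hook file, one without."""
    for repo, hooks in (("vendor/tool.git", ["pre-commit", "pre-push.sample"]),
                        ("docs/mirror", [])):
        base = os.path.join(root, repo)
        for sub in ("objects", "refs", "hooks"):
            os.makedirs(os.path.join(base, sub))
        with open(os.path.join(base, "HEAD"), "w") as f:
            f.write("ref: refs/heads/main\n")
        for name in hooks:
            with open(os.path.join(base, "hooks", name), "w") as f:
                f.write("#!/bin/sh\nexit 0\n")  # harmless placeholder body
    os.makedirs(os.path.join(root, "src"))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        for path, hooks in find_embedded_repos(tmp):
            print(path, "hooks:", hooks or "none")
```

Any finding with a non-empty hook list is worth reviewing by hand before an agent is allowed to run git commands in that tree.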
Radar Context
Cursor, GitHub Copilot
Alignment: Reinforces current position
Related Positions: AI Governance and Risk, AI-Assisted Development Tooling
cursor, cve-2026-26268, ai-agent-security, git-hook-rce, coding-agent-vulnerability, ai-tool-cve-surge, novee-security