Hi @Cambo, sorry you had issue connecting Composio to Cursor, tho I would like to inform you that composio has been actively dealing with a security incident, and that it was still ongoing to this day, I also had similar issue with some of my services, and I’m now 100% sure this has to be caused by this secutiry issue, see link for more detail Composio May 2026 Security Incident | Composio
Hey, the error is coming from Composio connect.composio.dev/mcp, not from Cursor. Their endpoint requires an Authorization: Bearer or x-consumer-api-key header before the OAuth flow starts.
@Tom_Coustols pointed in the right direction above. Composio currently has an active security incident: Composio May 2026 Security Incident | Composio. That’s probably what’s breaking the connection flow. It makes sense to wait until they roll back or fix it.
Once things are back to normal, Composio MCP still requires you to manually set the API key in headers in .cursor/mcp.json, per their official Cursor instructions. Without that header, the server will block requests with the same message.
If the error is still there after they fix the incident, share your mcp.json here with secrets removed and we’ll check the config.
