CRITICAL: Cursor Replacing Valid URLs with Fabricated Discord Links

Issue:
Cursor occasionally replaces valid, intentionally provided Discord links (e.g., discord.gg/validServer) with fabricated or non-existent Discord URLs (e.g., discord.gg/[made_up_name]). This happens unpredictably during regular edits or generations made by Cursor.

Impact:
This led to one of our websites redirecting users to a fabricated Discord URL (discord.gg/[made-up-name]), which initially did not exist. A malicious actor later exploited this by creating a Discord server at that URL, posing significant security risks to users who were redirected unknowingly. The original, correct URL was overwritten without our consent or awareness.

Replication Challenge:
The issue occurs randomly, making it difficult to reliably reproduce. It has happened three separate times without clear triggers or explicit instructions to alter URLs.

Expected Behavior:
Cursor should never alter or fabricate URLs, especially Discord server addresses. Explicitly provided URLs must remain unchanged unless explicitly instructed otherwise.

Recommended Action:
Cursor should implement safeguards at the prompt or processing level to prevent automatic URL replacements or fabrications, particularly for sensitive links such as Discord addresses.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.