Starting around 5 days ago I noticed many hundreds of thousands of oauth dynamic client registrations coming from cursor across different customers.
I opened cursor locally and did not see this behavior. I then updated my own cursor locally and immediately saw it in an infinite loop of client registrations. Closing cursor caused it to stop, and after opening cursor again I could not get this to reproduce.
A less critical but maybe related version of this bug can be reproduced by simply adding and removing an MCP server repeatedly. Open mcp.json and remove an MCP server, save the file. Undo to add it back while looking at remove server logs. Cursor registers two oauth clients (instead of just one) around 50% of the time.
Expected Behavior
Only one oauth client is created. Additionally consider caching the oauth client rather than recreating it on every new authentication (so that each instance only creates one oauth client instead of dynamically creating a new one on every auth)
Operating System
MacOS
Current Cursor Version (Menu → About Cursor → Copy)
I’ve seen over 670,000 registrations since the problem started (so averaging more than 100K per day), pretty much all due to this issue (daily registrations from next most popular MCP client is less than 100).
Our MCP server is in use by ~100 companies including many large fortune 500s - based on logs it looks like around 50 individual users are running buggy cursors version (that registered 1000 times or more), with the top user registering 113,000 times over a 48 hour period.
I was only able to reproduce this problem with my own cursor client on initial update, but it is still impacting our production systems - we had 60,000 client registrations over the past 24 hours
This is the kind of problem that would impact enterprise-level MCP builders the most. If this is not fixed, people who are using Cursor seriously for enterprise use cases won’t enjoy the experience. Can someone from Cursor team help here?