Where does the bug appear (feature/product)?
Cursor IDE
Describe the Bug
Cursor freezes and becomes unresponsive whenever the Agent uses the GitHub MCP to fetch PR comments or reviews. The renderer process pegs at 100% CPU and never recovers without manually clearing the chat history DB.
Steps to Reproduce
- Configure the official GitHub MCP server
- Open a new Agent chat
- Ask the agent to review comments on any PR that has CodeRabbit or similar bot comments (they contain badge images and markdown links)
- Agent calls get_pull_request_comments or get_pull_request_reviews
- Cursor becomes unresponsive
Operating System
MacOS
Version Information
Environment:
- Cursor 0.46.x (build 2.6.21)
- macOS 14
- GitHub MCP server
github-mcp-server
Additional Information
Stack trace from ~/Library/Application Support/Cursor/logs/*/main.log:
at RegExp.exec ()
at y.link (workbench.desktop.main.js:870:908)
at u.inlineTokens (workbench.desktop.main.js:884:1416)
at u.lex (workbench.desktop.main.js:871:110)
Root cause
ReDoS (Regular Expression Denial of Service) in the y.link regex of the bundled marked.js. GitHub MCP responses contain markdown patterns like
text and image badges like  that cause catastrophic backtracking in the link tokenizer.
Workarounds I found
- Clear the chat history DB to recover after a freeze:
sqlite3 ~/Library/Application\ Support/Cursor/User/globalStorage/state.vscdb \ "DELETE FROM cursorDiskKV WHERE key LIKE 'agentKv:blob:%';" - Replace the GitHub MCP with a wrapper that sanitizes all text patterns before returning to Cursor β this alone prevents the crash.
- Replace the GitHub MCP with a wrapper that calls gh CLI directly instead of the REST API. The agent treats the output the same way it treats
Bash tool output, bypassing the markdown renderer entirely.
The fact that workarounds 2 and 3 both fix the issue confirms the crash is specifically in the inline markdown renderer, not in the MCP
infrastructure or the network layer.
Does this stop you from using Cursor
No - Cursor works, but with this issue