Cursor updated my .env

MarceloDiani · January 27, 2026, 11:36am

This is not really a bug but just to you know what happened yesterday. Even with the .env protection activated in the Cursor settings, the agent executed something like

cat .env.example > .env

What cleared my whole .env. It’s not a big problem and I don’t know if there is some solution for it to not happen again except removing the “Run everything“ config in my side.

Thank you.

deanrie · January 29, 2026, 11:48am

Hey, thanks for the feedback. The situation makes sense. Protecting .env in Cursor settings blocks indexing and adding the file to context, but it does not prevent running terminal commands.

When “Run everything” is enabled, the agent can run any commands without approval, including redirect operators like cat file > .env, which can bypass file-level protection.

What you can do:

Turn off “Run everything” so commands will require approval
If you want partial automation, use an allowlist for specific safe commands, but avoid >, >>, rm, and similar operators
Sandbox mode with an allowlist is also an option, but allowlists are best-effort protection and bypasses are still possible

More on security settings: Agent Security | Cursor Docs

Topic		Replies	Views
Cursor is reading .env Feedback privacy-mode , security	5	165	January 30, 2026
.cursorignore ignored for command prompt functions Bug Reports terminal , rules , security	3	31	February 7, 2026
Cursor IDE agent made changes outside of the open directory Bug Reports	2	109	December 13, 2025
Cursor keeps trying to access sensitive env variables even though .env is ignored Help	3	231	December 31, 2025
.env Content is Being Captured With Command Bug Reports	2	38	January 6, 2026

Cursor updated my .env

Related topics