Cursor was able to read_file outside project directory

Where does the bug appear (feature/product)?

Cursor IDE

Describe the Bug

Inadvertently, the agent was able to read a file outside the project directory in a conversation. I was able to reproduce it in a simple use case. This used to be not allowed, and that protected us from exposure of sensitive files outside the project dir.

Steps to Reproduce

See screenshot.

Expected Behavior

Cursor should never allow the agent to read_file outside the project directory, unless explicitly added to context somehow.

Screenshots / Screen Recordings

Operating System

MacOS

Current Cursor Version (Menu → About Cursor → Copy)

Version: 2.0.69 (Universal)
VSCode Version: 1.99.3
Commit: 63fcac100bd5d5749f2a98aa47d65f6eca61db30
Date: 2025-11-07T18:21:29.650Z
Electron: 37.7.0
Chromium: 138.0.7204.251
Node.js: 22.20.0
V8: 13.8.258.32-electron.0
OS: Darwin x64 23.6.0

For AI issues: which model did you use?

Model: sonnet 4, gpt5

Does this stop you from using Cursor

No - Cursor works, but with this issue

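The expected behavior in the report above (reads confined to the project directory unless a path was explicitly added to context) can be expressed as a path check that resolves symlinks before comparing. This is an added example, not Cursor's code; `isReadAllowed`, `isInside`, `makeDemoWorkspace` and the `extraAllowed` parameter are hypothetical names, and the files are a constructed fixture.

```javascript
// Added example: workspace-boundary check for an agent file-read tool.
// All names here are hypothetical; none of this is a Cursor API.
const fs = require("fs");
const os = require("os");
const path = require("path");

// True when `child` is `parent` itself or lies beneath it.
function isInside(parent, child) {
  const rel = path.relative(parent, child);
  if (rel === "") return true;
  return rel !== ".." && !rel.startsWith(".." + path.sep) && !path.isAbsolute(rel);
}

// projectRoot: workspace directory.
// extraAllowed: files or directories the user explicitly added to context.
function isReadAllowed(projectRoot, requested, extraAllowed = []) {
  const root = fs.realpathSync(projectRoot);
  let real;
  try {
    // Resolve against the root, then follow symlinks, so neither "../"
    // segments nor a link inside the project can escape the boundary.
    real = fs.realpathSync(path.resolve(root, requested));
  } catch {
    return false; // target missing or unresolvable: deny
  }
  if (isInside(root, real)) return true;
  return extraAllowed.some((p) => {
    try { return isInside(fs.realpathSync(p), real); } catch { return false; }
  });
}

// Constructed fixture: a project, a file outside it, and a symlink
// inside the project that points at the outside file.
function makeDemoWorkspace() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), "ws-demo-"));
  const project = path.join(base, "project");
  const outside = path.join(base, "outside");
  fs.mkdirSync(path.join(project, "src"), { recursive: true });
  fs.mkdirSync(outside);
  fs.writeFileSync(path.join(project, "src", "app.js"), "// app\n");
  fs.writeFileSync(path.join(outside, "secret.txt"), "constructed sample\n");
  fs.symlinkSync(path.join(outside, "secret.txt"), path.join(project, "link.txt"));
  return { project, outside };
}
```

The check and the read are separate steps, so a tool using this pattern should open the resolved path that was checked rather than the original request string.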

Thanks for the report. Can you please check if you’re still facing this issue on the latest version?
You can get the latest version from Download · Cursor