This document outlines Cursor's vulnerability disclosure policy. For more information about Cursor's approach to security, please visit cursor.com/security.

Please do not report security vulnerabilities through public GitHub issues.

Instead, please email us at security-reports@cursor.com with details and steps to reproduce.

We commit to acknowledging vulnerability reports immediately, and will work to fix active vulnerabilities as soon as we can. Critical incidents will be communicated via email to all affected users.

We appreciate your help in making Cursor more secure for everyone. Thank you for your support and responsible disclosure.