Adversa AI Trusted AI Blog · July 15, 2026

The Cursor deeplink vulnerability that turns a “review this PR” click into remote code execution

Why it matters

Adversa AI describes DeepJack, a Cursor deeplink weakness in which a crafted cursor:// link can register an attacker-controlled MCP server and hide the command that will execute behind an incomplete installation prompt.

My takeaway: Treat MCP installation links and approval dialogs as code-execution boundaries: show the complete command and configuration, verify the server source, sandbox execution, and require explicit review before enabling it.