An unpatched vulnerability in Cursor on Windows could allow attackers to achieve code execution via malicious repositories.