Open Source Beat

Code snippet showing Cursor-generated wildcard CORS config in Express app

Cursor's Wildcard CORS Blunder: 80% of AI-Generated Backends Are Vulnerable

Audited 25 Cursor projects last quarter: 20 had wildcard CORS in prod. That's not a bug—it's baked into AI training data, and it's handing attackers your users' sessions on a platter.

3 min read 4 hours ago

#wildcard CORS

Cursor's Wildcard CORS Blunder: 80% of AI-Generated Backends Are Vulnerable

Stay in the loop