Identify and address vulnerabilities from Cursor

Last updated: Mar 16, 2026

Fluid Attacks’ Cursor extension offers the following functions:

• See vulnerable file and code line
• Assign Temporarily accepted treatment
• Request reattacks
• Go to DB (links to Fluid Attacks’ documentation on vulnerabilities)
• Go to vulnerability on the platform
• View vulnerability description
• Get step-by-step remediation guides with Custom fix 
• Get automatic fixing suggestions with Autofix 

To access the above functions, either click on the Fluid Attacks extension in Cursor’s activity bar or click on repository files marked with a red dot in Cursor’s explorer. This page guides you through using these functions except for the last two, for which there are dedicated, more detailed pages.

See vulnerable file and code line

You can view vulnerabilities reported in the Fluid Attacks platform from the AI-powered IDE.

If starting from the Fluid Attacks extension icon, follow these steps:

1. Click on the Fluid Attacks icon in Cursor’s activity bar. You are then presented with a comprehensive list of weaknesses detected in your code.

   

   Notice that the letters next to the names of weaknesses inform you of their severity following the CVSS.

2. Click on the weakness of your interest to view all affected files.

   

3. Select a file of your interest to identify the line of code where the vulnerability is present, which is underlined with red.

   

If starting from Cursor’s explorer, follow these steps:

1. Open the project corresponding to the Git repository  that is tested by Fluid Attacks. Files with vulnerabilities are marked with red dots.

2. Click on the files to open them.

   

3. Identify the vulnerable lines of code, which have a red underline.

Assign Temporarily accepted treatment

Fluid Attacks allows you to accept vulnerabilities  up to a defined date.

To assign the ‘Temporarily accepted’ treatment starting from the Fluid Attacks extension icon, follow these steps:

1. Click on the Fluid Attacks icon in Cursor’s activity bar.

2. Expand the weakness you wish to explore by clicking on its name.

3. Click on a vulnerable file to see some icons appear. Click on the calendar icon to apply the ‘Temporarily accepted’ treatment to that vulnerability.

   

4. Write a justification for the acceptance, enter the date when it finalizes, and select your team member who is assigned this vulnerability. To confirm that the treatment was applied, wait until you receive a notification.

5. You may optionally refresh the view (Ctrl/Cmd + R) and observe whether the vulnerability’s underline changes from red to yellow, indicating that the temporary treatment has been applied.

If starting from Cursor’s explorer, follow these steps:

1. Click on the file to open it.
2. Right-click on the underlined code and locate the Accept Vulnerability Temporarily option.
3. Write the justification for the acceptance, enter the date when it finalizes, and select the member of your team who is assigned this vulnerability. To confirm that the treatment was applied, wait until you receive a notification.

Request reattacks

Reattacks  are the retests where Fluid Attacks verifies the effectiveness of the fixes you apply to your code.

To request reattacks starting from the Fluid Attacks extension icon, follow these steps:

1. Click on the Fluid Attacks extension in Cursor’s activity bar.

2. Expand the type of vulnerability you wish to explore by clicking on its name.

3. Click on a vulnerable file to see some icons appear.

4. Click on the shield icon to request a reattack.

   

5. Type in a description of the fix you applied and press Enter/Return. A notification is shown shortly confirming the successful delivery of the request.

6. You can refresh the view (Ctrl/Cmd + R) and observe whether the vulnerability’s underline changes from red to blue, indicating that the reattack was successfully requested.

If starting from Cursor’s explorer, follow these steps:

1. Click on the file to open it.
2. Right-click on the underlined code and locate the Request reattack option.
3. Type in a description of the fix you applied and press Enter/Return. A notification is shown shortly confirming the successful delivery of the request.

Go to DB and vulnerability on the platform

The Fluid Attacks Cursor extension offers you external links to Fluid Attacks’ database  (DB) and, separately, to the report of the vulnerability on the platform. Fluid Attacks’ DB is documentation that mainly presents the standards, requirements and weaknesses that determine the results of security testing.

If starting from the Fluid Attacks extension icon to access those external links:

1. Click on the extension in Cursor’s activity bar.
2. Right-click on the type of vulnerability of your interest.
3. Select between the options Go to DB and Go to Finding.

If starting from Cursor’s explorer, follow these steps to access the link to the DB:

1. Click on the file to open it.
2. Right-click on the vulnerable line and select Go to DB.

To access the link to the vulnerability on the platform, starting from Cursor’s explorer, do the following:

1. Click on the file to open it.

2. Locate the vulnerable line and hover your mouse cursor over it. A pop-up window appears, showing the definition and the external link.

   

3. Click on the link to the vulnerability  on the platform.

View vulnerability description

Fluid Attacks offers comprehensive documentation on its own classification of weaknesses .

To read Fluid Attacks’ description of a weakness, starting from the Fluid Attacks extension icon:

1. Click on the Fluid Attacks extension in Cursor’s activity bar.
2. Right-click on the weakness of your interest.
3. Select See Finding description. The current editor view splits to show you the corresponding information from Fluid Attacks’ documentation without leaving Cursor. This includes the information on attack vector, threat, severity score, and average remediation time.

If starting from Cursor’s explorer, follow these steps to view the vulnerability description:

1. Click on the file to open it.
2. Right-click on the vulnerable line and select See Finding description. The vulnerability description and other details are displayed at the right side of the editor.

Use the fix options

Fluid Attacks’ Cursor extension uses AI to generate fix suggestions. You have two features at your disposal:

• Custom fix: Generates a step-by-step guide telling you how to fix your code. Access it by clicking on a file and then on the wrench icon.

  

• Autofix: Automatically generates a suggested pull request fixing the code (special caution is advised when using this function, as it intends to make changes directly to your codebase). Access it by clicking on a file and then on the hammer and wrench icon.

  

Refresh button

Click the refresh button to ensure that actions such as reattack requests and treatment assignment are reflected in the extension.

Upon refreshing, vulnerability underlines update to reflect their status:

• Blue: Reattack requested
• Yellow: ‘Temporarily accepted’ treatment applied