Lucene search
K

Cursor < 3.0 Multiple Sandbox Escapes

🗓️ 03 Jul 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 5 Views

Cursor before 3.0 has sandbox flaws enabling remote code execution via path manipulation and symlinks.

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2026-50549
25 Jun 202618:47
attackerkb
ATTACKERKB
CVE-2026-50548
25 Jun 202618:47
attackerkb
Circl
CVE-2026-50548
26 Jun 202601:30
circl
Circl
CVE-2026-50549
26 Jun 202601:27
circl
CVE
CVE-2026-50548
25 Jun 202618:47
cve
CVE
CVE-2026-50549
25 Jun 202618:47
cve
Cvelist
CVE-2026-50548 Cursor Desktop sandbox escape via agent-controlled working directory
25 Jun 202618:47
cvelist
Cvelist
CVE-2026-50549 Cursor Desktop sandbox escape via symlink and failed path canonicalization
25 Jun 202618:47
cvelist
EUVD
EUVD-2026-39536
25 Jun 202618:47
euvd
EUVD
EUVD-2026-39537
25 Jun 202618:47
euvd
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(324969);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/07/06");

  script_cve_id("CVE-2026-50548", "CVE-2026-50549");

  script_name(english:"Cursor < 3.0 Multiple Sandbox Escapes");

  script_set_attribute(attribute:"synopsis", value:
"The Cursor instance installed on the remote host is affected by
multiple sandbox escape vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Cursor installed on the remote host is prior to 3.0.
It is, therefore, affected by multiple vulnerabilities:

  - A flaw in the agent sandbox allows a malicious agent to manipulate
    the working_directory parameter, causing the sandbox to include
    writable paths outside the intended workspace. This enables
    non-sandboxed remote code execution under the user's privileges
    with no user interaction beyond a benign prompt.
    (CVE-2026-50548)

  - A flaw in the agent sandbox path canonicalization allows a
    malicious agent to create an in-workspace symlink pointing outside
    the workspace and force canonicalization to fail, resulting in
    unapproved writes to arbitrary locations. This enables
    non-sandboxed remote code execution under the user's privileges
    with no user interaction beyond a benign prompt.
    (CVE-2026-50549)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  # https://github.com/cursor/cursor/security/advisories/GHSA-3p48-7v9f-v5cw
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4fef00f5");
  # https://github.com/cursor/cursor/security/advisories/GHSA-3v8f-48vw-3mjx
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6f711d92");
  script_set_attribute(attribute:"solution", value:
"Upgrade Cursor to version 3.0 or later.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-50549");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/06/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/04/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/07/03");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:anysphere:cursor");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/a:anysphere:cursor");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Artificial Intelligence");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("anysphere_cursor_win_installed.nbin", "anysphere_cursor_macos_installed.nbin", "anysphere_cursor_nix_installed.nbin");
  script_require_keys("installed_sw/Anysphere Cursor");

  exit(0);
}

include('vdf.inc');

# @tvdl-content
var vuln_data = {
  'metadata': {'spec_version': '1.0'},
  'checks': [
    {
      'product': {'name': 'Anysphere Cursor', 'type': 'app'},
      'check_algorithm': 'default',
      'constraints': [
        {'fixed_version': '3.0'}
      ]
    }
  ]
};

var result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_HOLE);
vdf::handle_check_and_report_errors(vdf_result:result);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

06 Jul 2026 00:00Current
6.9Medium risk
Vulners AI Score6.9
CVSS 3.19.8
CVSS 49.3
EPSS0.00638
SSVC
5