3 matches found
Cursor 操作系统命令注入漏洞
Cursor is an AI code editor from Cursor open source. An operating system command injection vulnerability exists in versions prior to Cursor 2025.09.17-25b418f, which stems from an MCP server mechanism that allows the upload of malicious MCP configurations, which could lead to remote code executio...
CVE-2025-61591 Cursor CLI's Cursor Agent MCP OAuth2 Communication is Vulnerable to Remote Code Execution
Cursor is a code editor built for programming with AI. In versions 1.7 and below, when MCP uses OAuth authentication with an untrusted MCP server, an attacker can impersonate a malicious MCP server and return crafted, maliciously injected commands during the interaction process, leading to comman...
EUVD-2025-32313
Cursor is a code editor built for programming with AI. In versions 1.7 and below, when MCP uses OAuth authentication with an untrusted MCP server, an attacker can impersonate a malicious MCP server and return crafted, maliciously injected commands during the interaction process, leading to comman...