Lucene search
K

79 matches found

NVD
NVD
added 2026/06/25 7:16 p.m.9 views

CVE-2026-50548

Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default, and the sandbox grants write access to the command's working directory. A flaw was identified in how the agent could modify the workingdirectory parameter, which could...

9.8CVSS0.00637EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 7:16 p.m.12 views

CVE-2026-50549

Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default. Before a Write, the agent canonicalizes the target path to confirm it stays inside the workspace, but when canonicalization fails it falls back to the original path an...

9.8CVSS0.00638EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 6:47 p.m.9 views

EUVD-2026-39537

Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default, and the sandbox grants write access to the command's working directory. A flaw was identified in how the agent could modify the workingdirectory parameter, which could...

9.3CVSS6.2AI score0.00637EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 6:47 p.m.6 views

EUVD-2026-39536

Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default. Before a Write, the agent canonicalizes the target path to confirm it stays inside the workspace, but when canonicalization fails it falls back to the original path an...

9.3CVSS6.2AI score0.00638EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 7:56 p.m.14 views

EUVD-2026-37002

Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute workspace-defined Claude hook commands from .claude/settings.local.json without dedicated user approval. A malicious workspace or agent-created file could configure hooks that run...

8.5CVSS5.5AI score0.00144EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.18 views

PT-2026-49469

Name of the Vulnerable Software and Affected Versions Cursor versions prior to 3.0.0 Description Cursor Desktop allows the execution of workspace-defined Claude hook commands located in .claude/settings.local.json without requiring explicit user approval. A malicious workspace or a file created b...

8.5CVSS6.1AI score0.00144EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/11 5:11 p.m.4 views

CVE-2026-31854

Cursor is a code editor built for programming with AI. Prior to 2.0 ,if a visited website contains maliciously crafted instructions, the model may attempt to follow them in order to “assist” the user. When combined with a bypass of the command whitelist mechanism, such indirect prompt injections...

8.7CVSS5.8AI score0.00276EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/11 5:11 p.m.4 views

CVE-2026-31854 Cursor Affected by Arbitrary Code Execution via Prompt Injection and Whitelist Bypass

Cursor is a code editor built for programming with AI. Prior to 2.0 ,if a visited website contains maliciously crafted instructions, the model may attempt to follow them in order to “assist” the user. When combined with a bypass of the command whitelist mechanism, such indirect prompt injections...

8.7CVSS5.8AI score0.00276EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/11 5:11 p.m.25 views

CVE-2026-31854 Cursor Affected by Arbitrary Code Execution via Prompt Injection and Whitelist Bypass

Cursor is a code editor built for programming with AI. Prior to 2.0 ,if a visited website contains maliciously crafted instructions, the model may attempt to follow them in order to “assist” the user. When combined with a bypass of the command whitelist mechanism, such indirect prompt injections...

8.7CVSS0.00276EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.7 views

Cursor 操作系统命令注入漏洞

Cursor is an AI-powered intelligent code editor developed by Cursor Open Source. Prior to Cursor 2.0, there was a vulnerability related to operating system command injection. This vulnerability stemmed from the possibility of the model executing malicious instructions, which could lead to automat...

8.8CVSS6AI score0.00276EPSS
Exploits0References1
NVD
NVD
added 2026/02/13 5:16 p.m.9 views

CVE-2026-26268

Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent ie prompt injection could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time th...

9.9CVSS0.0049EPSS
Exploits0References1
CVE
CVE
added 2026/02/13 4:54 p.m.33 views

CVE-2026-26268

CVE-2026-26268 (Cursor) affects Cursor, a code editor with AI features. The bug allows a sandbox escape by writing to improperly protected .git configuration, including git hooks, enabling out-of-sandbox remote code execution when triggered by Git operations. The issue exists in versions prior to...

9.9CVSS5.7AI score0.0049EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/02/13 4:54 p.m.4 views

CVE-2026-26268 Cursor sandbox escape via Git hooks

Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent ie prompt injection could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time th...

8CVSS6AI score0.0049EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/13 4:54 p.m.34 views

CVE-2026-26268 Cursor sandbox escape via Git hooks

Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent ie prompt injection could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time th...

8CVSS0.0049EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/13 4:54 p.m.5 views

CVE-2026-26268 Cursor sandbox escape via Git hooks

Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent ie prompt injection could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time th...

8CVSS5.7AI score0.0049EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/13 12:0 a.m.5 views

Cursor 安全漏洞

Cursor is an AI-powered intelligent code editor developed by Cursor Open Source. Versions of Cursor prior to 2.5 contained security vulnerabilities. These vulnerabilities stemmed from a sandbox escape vulnerability that could be exploited by writing to the.git configuration file, potentially...

9.9CVSS6.6AI score0.0049EPSS
Exploits0References1
NVD
NVD
added 2026/01/14 5:16 p.m.10 views

CVE-2026-22708

Cursor is a code editor built for programming with AI. Prior to 2.3, hen the Cursor Agent is running in Auto-Run Mode with Allowlist mode enabled, certain shell built-ins can still be executed without appearing in the allowlist and without requiring user approval. This allows an attacker via...

9.8CVSS0.00537EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/14 4:43 p.m.23 views

CVE-2026-22708 Cursor has a Terminal Tool Allowlist Bypass via Environment Variables

Cursor is a code editor built for programming with AI. Prior to 2.3, hen the Cursor Agent is running in Auto-Run Mode with Allowlist mode enabled, certain shell built-ins can still be executed without appearing in the allowlist and without requiring user approval. This allows an attacker via...

9.2CVSS0.00537EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/14 4:43 p.m.13 views

CVE-2026-22708 Cursor has a Terminal Tool Allowlist Bypass via Environment Variables

Cursor is a code editor built for programming with AI. Prior to 2.3, hen the Cursor Agent is running in Auto-Run Mode with Allowlist mode enabled, certain shell built-ins can still be executed without appearing in the allowlist and without requiring user approval. This allows an attacker via...

9.2CVSS7AI score0.00537EPSS
Exploits0References1
CVE
CVE
added 2026/01/14 4:43 p.m.49 views

CVE-2026-22708

CVE-2026-22708 affects Cursor (AI-enhanced code editor). Prior to version 2.3, when the Cursor Agent runs in Auto-Run mode with Allowlist enabled, certain shell built-ins can be executed without appearing in the allowlist or requiring user approval. This enables an attacker to perform indirect or...

9.8CVSS7AI score0.00537EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder