Lucene search
K

4 matches found

NVD
NVD
added 2026/06/15 9:17 p.m.7 views

CVE-2026-48124

Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute workspace-defined Claude hook commands from .claude/settings.local.json without dedicated user approval. A malicious workspace or agent-created file could configure hooks that run...

8.5CVSS0.00144EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 7:56 p.m.14 views

EUVD-2026-37002

Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute workspace-defined Claude hook commands from .claude/settings.local.json without dedicated user approval. A malicious workspace or agent-created file could configure hooks that run...

8.5CVSS5.5AI score0.00144EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 7:56 p.m.23 views

CVE-2026-48124

The CVE-2026-48124 affects Cursor Desktop prior to version 3.0.0. A workspace-defined Claude hook can be configured via .claude/settings.local.json to execute local commands without dedicated user approval, enabling possible sandbox escape, persistence across turns, and local data access if an ag...

8.5CVSS5.5AI score0.00144EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.19 views

PT-2026-49469

Name of the Vulnerable Software and Affected Versions Cursor versions prior to 3.0.0 Description Cursor Desktop allows the execution of workspace-defined Claude hook commands located in .claude/settings.local.json without requiring explicit user approval. A malicious workspace or a file created b...

8.5CVSS6.1AI score0.00144EPSS
Exploits0References3
Rows per page
Query Builder