12 matches found
CVE-2025-61593 Cursor CLI Agent: Sensitive File Overwrite Bypass
Cursor is a code editor built for programming with AI. In versions 1.7 and below, a vulnerability in the way Cursor CLI Agent protects its sensitive files i.e. /.cursor/cli.json allows attackers to modify the content of the files through prompt injection, thus achieving remote code execution. A...
CVE-2025-61593 Cursor CLI Agent: Sensitive File Overwrite Bypass
Cursor is a code editor built for programming with AI. In versions 1.7 and below, a vulnerability in the way Cursor CLI Agent protects its sensitive files i.e. /.cursor/cli.json allows attackers to modify the content of the files through prompt injection, thus achieving remote code execution. A...
CVE-2025-61591 Cursor CLI's Cursor Agent MCP OAuth2 Communication is Vulnerable to Remote Code Execution
Cursor is a code editor built for programming with AI. In versions 1.7 and below, when MCP uses OAuth authentication with an untrusted MCP server, an attacker can impersonate a malicious MCP server and return crafted, maliciously injected commands during the interaction process, leading to comman...
CVE-2025-54130 Cursor Agent is vulnerable prompt injection via Editor Special Files
Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions less than 1.3.9. If the file is a dotfile, editing it requires approval but creating a new one doesn't. Hence, if sensitive editor files, such as the...
CVE-2025-54130
CVE-2025-54130 (Cursor) affects Cursor, a code editor with AI features. In versions
CVE-2025-54135 Cursor Agent is vulnerable to prompt injection via MCP Special Files
Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions below 1.3.9, If the file is a dotfile, editing it requires approval but creating a new one doesn't. Hence, if sensitive MCP files, such as the .cursor/mcp.json file...
CVE-2025-54135 Cursor Agent is vulnerable to prompt injection via MCP Special Files
Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions below 1.3.9, If the file is a dotfile, editing it requires approval but creating a new one doesn't. Hence, if sensitive MCP files, such as the .cursor/mcp.json file...
CVE-2025-49150 Cursor Agent Potentially Leaks Information using JSON schema
Cursor is a code editor built for programming with AI. Prior to 0.51.0, by default, the setting json.schemaDownload.enable was set to True. This means that by writing a JSON file, an attacker can trigger an arbitrary HTTP GET request that does not require user confirmation. Since the Cursor Agent...
CVE-2025-49150
Cursor is vulnerable prior to version 0.51.0 due to json.schemaDownload.enable being True by default. When a JSON file is written, an attacker can trigger an arbitrary HTTP GET request without user confirmation, and because the Cursor Agent can edit JSON files, this can enable data exfiltration i...
CVE-2025-32018 Arbitrary file write from Cursor Agent through a prompt injection from malicious @Docs
Cursor is a code editor built for programming with AI. In versions 0.45.0 through 0.48.6, the Cursor app introduced a regression affecting the set of file paths the Cursor Agent is permitted to modify automatically. Under specific conditions, the agent could be prompted, either directly by the us...
CVE-2025-32018 Arbitrary file write from Cursor Agent through a prompt injection from malicious @Docs
Cursor is a code editor built for programming with AI. In versions 0.45.0 through 0.48.6, the Cursor app introduced a regression affecting the set of file paths the Cursor Agent is permitted to modify automatically. Under specific conditions, the agent could be prompted, either directly by the us...
CVE-2025-32018 Arbitrary file write from Cursor Agent through a prompt injection from malicious @Docs
Cursor is a code editor built for programming with AI. In versions 0.45.0 through 0.48.6, the Cursor app introduced a regression affecting the set of file paths the Cursor Agent is permitted to modify automatically. Under specific conditions, the agent could be prompted, either directly by the us...