Lucene search
K

4 matches found

EUVD
EUVD
added 2026/06/15 7:56 p.m.14 views

EUVD-2026-37002

Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute workspace-defined Claude hook commands from .claude/settings.local.json without dedicated user approval. A malicious workspace or agent-created file could configure hooks that run...

8.5CVSS5.5AI score0.00144EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 7:56 p.m.28 views

CVE-2026-48124 Cursor Desktop sandbox escape via Claude hook configuration

Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute workspace-defined Claude hook commands from .claude/settings.local.json without dedicated user approval. A malicious workspace or agent-created file could configure hooks that run...

8.5CVSS0.00144EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 7:56 p.m.22 views

CVE-2026-48124

The CVE-2026-48124 affects Cursor Desktop prior to version 3.0.0. A workspace-defined Claude hook can be configured via .claude/settings.local.json to execute local commands without dedicated user approval, enabling possible sandbox escape, persistence across turns, and local data access if an ag...

8.5CVSS5.5AI score0.00144EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/06 5:53 p.m.29 views

EUVD-2026-5616

Claude Code is an agentic coding tool. Prior to version 2.1.2, Claude Code's bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.json configuration file when it did not exist at startup. While the parent directory was mounted as writable and .claude/settings.local.json...

7.7CVSS5.5AI score0.00416EPSS
Exploits0References1
Rows per page
Query Builder