21 matches found
CVE-2026-50549
Cursor before version 3.0 contains a sandbox escape: if path canonicalization fails, a write can be redirected via an in-workspace symlink to arbitrary locations outside the workspace, enabling non-sandboxed Remote Code Execution under the user’s privileges. Affected: Cursor editor (pre-3.0) with...
CVE-2026-50548
Technical details about CVE-2026-50548 are not publicly available in the provided documents. Monitor for updates to obtain affected products, root cause specifics, impact, and remediation.
CVE-2025-54135
Cursor before v1.3.9 allows prompt-injection via MCP MCP server data to auto-run and write to ~/.cursor/mcp.json, enabling RCE when processing external content. Affected: Cursor AI code editor (Cursor) in-workspace file writes without user approval; dotfiles require approval but new dotfiles do n...
CVE-2025-54136
Cursor is an AI code editor where CVE-2025-54136 affects versions
CVE-2026-22708
CVE-2026-22708 affects Cursor (AI-enhanced code editor). Prior to version 2.3, when the Cursor Agent runs in Auto-Run mode with Allowlist enabled, certain shell built-ins can be executed without appearing in the allowlist or requiring user approval. This enables an attacker to perform indirect or...
CVE-2025-54133
CVE-2025-54133 affects Cursor (code editor with AI features). The vulnerability lies in the MCP (Model Context Protocol) deeplink handler, where clicking a malicious cursor://anysphere.cursor-deeplink/mcp/install link can lead to execution of a full system command without showing the arguments in...
CVE-2025-54132
CVE-2025-54132 affects Cursor’s Mermaid-based diagram tool prior to version 1.3. An attacker can trigger prompt injections to cause Mermaid-rendered images to fetch data to a remote attacker-controlled server, enabling exfiltration of sensitive information. The issue is fixed in version 1.3; upgr...
CVE-2025-54130
CVE-2025-54130 (Cursor) affects Cursor, a code editor with AI features. In versions
CVE-2025-59944
Cursor IDE versions 1.6.23 and earlier are affected by a vulnerability in how sensitive files are protected (notably /.cursor/mcp.json). The issue arises from case-sensitive checks that can be bypassed, allowing an attacker to modify sensitive files via prompt injection and achieve remote code ex...
CVE-2026-26268
CVE-2026-26268 (Cursor) affects Cursor, a code editor with AI features. The bug allows a sandbox escape by writing to improperly protected .git configuration, including git hooks, enabling out-of-sandbox remote code execution when triggered by Git operations. The issue exists in versions prior to...
CVE-2025-61590
Cursor (editor) versions ≤1.6 are vulnerable to remote code execution via Visual Studio Code Workspaces. The attack involves hijacking the user’s chat context to prompt-inject and modify .code-workspace/settings, enabling RCE by writing to the workspace settings. The issue is fixed in version 1.7...
CVE-2025-64110
CVE-2025-64110 affects Cursor: code editor for AI-assisted programming. A logic bug in versions 1.7.23 and earlier allows a malicious agent with prompt-injection access to read files protected by cursorignore, by creating a new cursorignore file that can invalidate existing configurations. The is...
CVE-2025-54131
Cursor before v1.3 is vulnerable: an attacker can bypass the auto-run allow list using a backtick (`) or $(cmd) to execute arbitrary commands outside the allowlist, especially if the user has switched to an allowlist setting. The issue can be triggered via indirect prompt injection and is fixed i...
CVE-2025-61591
Cursor is an AI-enabled code editor. CVE-2025-61591 affects Cursor versions 1.7 and below, where OAuth authentication with an untrusted MCP server allows an attacker to impersonate the MCP server and inject crafted commands during the interaction, leading to command injection and potential remote...
CVE-2025-61593
CVE-2025-61593 affects Cursor, specifically Cursor CLI Agent in Cursor editor versions ≤ 1.7. The vulnerability stems from inadequate protection of sensitive files (e.g., /.cursor/cli.json ), allowing an attacker to inject prompts that modify these files, which can lead to remote code execution. ...
CVE-2025-61592
Cursor CLI (versions ≤ 1.7) is vulnerable to Remote Code Execution via automatic loading of project-specific CLI configuration from /.cursor/cli.json that can override global settings. The underlying issue is permissive configuration combined with prompt injection delivered through project rules ...
CVE-2025-64106
Cursor (code editor with AI) versions 1.7.28 and below contain an input validation flaw in the MCP server installation that allows specially crafted deep-links to bypass security warnings and execute attacker-specified commands when a user accepts the server connection. Affected component: the MC...
CVE-2026-31854
Cursor is a code editor for programming with AI. Prior to 2.0, if a visited website contains malicious instructions, the model may follow them to “assist” the user. When combined with a bypass of the command whitelist, indirect prompt injections could cause automatic command execution without use...
CVE-2025-61589
CVE-2025-61589 affects Cursor: in versions 1.6 and earlier, Mermaid diagram rendering can embed images that are rendered in the chat box, enabling an attacker to exfiltrate sensitive information to a third‑party server via an image fetch after a prompt injection. The issue requires malicious inpu...
CVE-2025-64107
CVE-2025-64107 affects Cursor (open-source AI code editor). Versions 1.7.52 and earlier are vulnerable to path manipulation allowing RCE on Windows due to incomplete detection of backslash-based path operations, unlike the forward-slash checks that require approval. An attacker with prior control...
CVE-2025-64108
Cursor is an AI-assisted code editor with a vulnerability in versions 1.7.44 and below. The issue arises from NTFS path quirks that permit a prompt-injection attacker to bypass file protections and overwrite files that normally require human approval. Modifications to protected files can lead to ...