16 matches found
CVE-2026-50549
Cursor before version 3.0 contains a sandbox escape: if path canonicalization fails, a write can be redirected via an in-workspace symlink to arbitrary locations outside the workspace, enabling non-sandboxed Remote Code Execution under the user’s privileges. Affected: Cursor editor (pre-3.0) with...
CVE-2026-50548
Technical details about CVE-2026-50548 are not publicly available in the provided documents. Monitor for updates to obtain affected products, root cause specifics, impact, and remediation.
CVE-2025-54135
Cursor before v1.3.9 allows prompt-injection via MCP MCP server data to auto-run and write to ~/.cursor/mcp.json, enabling RCE when processing external content. Affected: Cursor AI code editor (Cursor) in-workspace file writes without user approval; dotfiles require approval but new dotfiles do n...
CVE-2025-54136
Cursor is an AI code editor where CVE-2025-54136 affects versions
CVE-2026-22708
CVE-2026-22708 affects Cursor (AI-enhanced code editor). Prior to version 2.3, when the Cursor Agent runs in Auto-Run mode with Allowlist enabled, certain shell built-ins can be executed without appearing in the allowlist or requiring user approval. This enables an attacker to perform indirect or...
CVE-2025-54132
CVE-2025-54132 affects Cursor’s Mermaid-based diagram tool prior to version 1.3. An attacker can trigger prompt injections to cause Mermaid-rendered images to fetch data to a remote attacker-controlled server, enabling exfiltration of sensitive information. The issue is fixed in version 1.3; upgr...
CVE-2025-54130
CVE-2025-54130 (Cursor) affects Cursor, a code editor with AI features. In versions
CVE-2025-64110
CVE-2025-64110 affects Cursor: code editor for AI-assisted programming. A logic bug in versions 1.7.23 and earlier allows a malicious agent with prompt-injection access to read files protected by cursorignore, by creating a new cursorignore file that can invalidate existing configurations. The is...
CVE-2026-26268
CVE-2026-26268 (Cursor) affects Cursor, a code editor with AI features. The bug allows a sandbox escape by writing to improperly protected .git configuration, including git hooks, enabling out-of-sandbox remote code execution when triggered by Git operations. The issue exists in versions prior to...
CVE-2025-54131
Cursor before v1.3 is vulnerable: an attacker can bypass the auto-run allow list using a backtick (`) or $(cmd) to execute arbitrary commands outside the allowlist, especially if the user has switched to an allowlist setting. The issue can be triggered via indirect prompt injection and is fixed i...
CVE-2025-61590
Cursor (editor) versions ≤1.6 are vulnerable to remote code execution via Visual Studio Code Workspaces. The attack involves hijacking the user’s chat context to prompt-inject and modify .code-workspace/settings, enabling RCE by writing to the workspace settings. The issue is fixed in version 1.7...
CVE-2025-64106
Cursor (code editor with AI) versions 1.7.28 and below contain an input validation flaw in the MCP server installation that allows specially crafted deep-links to bypass security warnings and execute attacker-specified commands when a user accepts the server connection. Affected component: the MC...
CVE-2026-31854
Cursor is a code editor for programming with AI. Prior to 2.0, if a visited website contains malicious instructions, the model may follow them to “assist” the user. When combined with a bypass of the command whitelist, indirect prompt injections could cause automatic command execution without use...
CVE-2025-61589
CVE-2025-61589 affects Cursor: in versions 1.6 and earlier, Mermaid diagram rendering can embed images that are rendered in the chat box, enabling an attacker to exfiltrate sensitive information to a third‑party server via an image fetch after a prompt injection. The issue requires malicious inpu...
CVE-2025-64107
CVE-2025-64107 affects Cursor (open-source AI code editor). Versions 1.7.52 and earlier are vulnerable to path manipulation allowing RCE on Windows due to incomplete detection of backslash-based path operations, unlike the forward-slash checks that require approval. An attacker with prior control...
CVE-2025-64108
Cursor is an AI-assisted code editor with a vulnerability in versions 1.7.44 and below. The issue arises from NTFS path quirks that permit a prompt-injection attacker to bypass file protections and overwrite files that normally require human approval. Modifications to protected files can lead to ...