CVE-2026-50548

Published Jun 25, 2026

Last updated 10 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2026-50548 is a sandbox escape vulnerability found in the Cursor AI code editor, affecting versions prior to 3.0. The flaw stems from how the editor's agent handles terminal commands within its sandbox environment. While the sandbox is designed to restrict write access to the command's working directory, a malicious agent could manipulate the `working_directory` parameter. This manipulation allows the sandbox to include writable paths outside the intended workspace, enabling the agent to write arbitrary files to sensitive locations with the user's privileges. This vulnerability can lead to non-sandboxed remote code execution, for instance, by overwriting critical helper files, and can be exploited without user interaction beyond an initial benign prompt.

Description
Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default, and the sandbox grants write access to the command's working directory. A flaw was identified in how the agent could modify the working_directory parameter, which could cause the sandbox to include writable paths outside the intended workspace. A malicious agent could set working_directory to a sensitive location and write arbitrary files outside the workspace under the user's privileges. This enables non-sandboxed Remote Code Execution — for example by overwriting the cursorsandbox helper so later commands run unsandboxed — with no user interaction beyond a benign prompt. This vulnerability is fixed in 3.0.
Source
security-advisories@github.com
NVD status
Analyzed
Products
cursor

Risk scores

CVSS 4.0

Type
Secondary
Base score
9.3
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
CRITICAL

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

security-advisories@github.com
CWE-22

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. 🔐 CVE-2026-50548 & CVE-2026-50549 — Cursor IDE Sandbox Escape RCE 🔗 https://t.co/yWwIuxlbZf #CyberSecurity #ThreatIntel

    @ThreatAft

    6 Jul 2026

    64 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Two CVSS 9.3 vulns in Cursor AI code editor. Info, incl. fix info, at vulnerability alert service, #SecAlerts: CVE-2026-50549: https://t.co/QLLNCs2Xgf CVE-2026-50548: https://t.co/rRvHpFXJE0 #ciso #cio #cto #vulnerabilities #cybersecurity #msp #mssp #CVE202650548 #CVE202650549

    @SecAlertsCo

    6 Jul 2026

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. The new "DuneSlide" vulnerabilities in Cursor AI (CVE-2026-50548 & CVE-2026-50549) let attackers bypass sandbox protections using indirect prompt injection—zero clicks required. 🛑 See the fix & mitigation guide here 👇 🔗 https://t.co/4pKZJU8h69 #InfoSec #AI #De

    @udaypatil077

    4 Jul 2026

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Two Cursor flaws let one prompt escape the sandbox. DuneSlide (CVE-2026-50548, CVE-2026-50549): - CVSS 9.8, no click required - Prompt injection runs arbitrary commands on dev machines - Patched, but every Cursor build before the fix is exposed Update today, then audit your

    @so_sthbryan

    4 Jul 2026

    81 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  5. 🚨 AI dev-tool security watch: Cato reports two critical Cursor IDE flaws, CVE-2026-50548 and CVE-2026-50549, that can turn prompt-injection exposure into sandbox escape and local code-execution risk. Cursor 3.0 includes fixes. #Cybersecurity #AI https://t.co/kFwszdCRyA

    @Divinmentis

    4 Jul 2026

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    2 Replies

    0 Quotes

  6. Critical Cursor AI Code Editor Flaws Could Lead to OS-Level Remote Code Execution - (CVE-2026-50548 and CVE-2026) 50549https://www.securityweek.com/critical-cursor-ai-ide-flaws-could-lead-to-os-level-remote-code-execution/

    @SecurityWeek

    3 Jul 2026

    1830 Impressions

    1 Retweet

    3 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. 1/3 Two critical flaws (CVE-2026-50548 and CVE-2026-50549, CVSS 9.8) in Cursor AI let prompt injection escape the sandbox and run commands on the developer's machine. No click needed. All versions before 3.0 are affected. Patch now. #CVE #PromptInjection #cybersecurity

    @CyberTLDR

    2 Jul 2026

    60 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  8. DuneSlide: Two Critical RCE Vulnerabilities CVE-2026-50548 and CVE-2026-50549 via Zero-Click Prompt Injection in Cursor IDE via @CatoNetworks #Proficio #ThreatNews #Cybersecurity #MSSP #MDR https://t.co/HP4qAM5BDo

    @proficioinc

    2 Jul 2026

    93 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Critical bugs in Cursor Desktop! 🚨 CVE-2026-50548 and CVE-2026-50549 allow AI agents to escape the sandbox and execute arbitrary code (RCE) on your host. Read the full technical breakdown and protection steps here: https://t.co/2L97WSoFlE #AISecurity #Infosec #CVE https://t

    @denizhalilT

    2 Jul 2026

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 🚨 Critical - Sandbox Escape & RCE in Cursor AI Editor (CVE-2026-50549, CVE-2026-50548) Two critical vulnerabilities have been disclosed in Cursor's AI agent sandbox. Malicious agents can exploit canonicalization failures via symlinks or manipulate the working_directory

    @UpwindMDR

    6 Jun 2026

    60 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.