AI description
CVE-2026-50548 is a sandbox escape vulnerability found in the Cursor AI code editor, affecting versions prior to 3.0. The flaw stems from how the editor's agent handles terminal commands within its sandbox environment. While the sandbox is designed to restrict write access to the command's working directory, a malicious agent could manipulate the `working_directory` parameter. This manipulation allows the sandbox to include writable paths outside the intended workspace, enabling the agent to write arbitrary files to sensitive locations with the user's privileges. This vulnerability can lead to non-sandboxed remote code execution, for instance, by overwriting critical helper files, and can be exploited without user interaction beyond an initial benign prompt.
- Description
- Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default, and the sandbox grants write access to the command's working directory. A flaw was identified in how the agent could modify the working_directory parameter, which could cause the sandbox to include writable paths outside the intended workspace. A malicious agent could set working_directory to a sensitive location and write arbitrary files outside the workspace under the user's privileges. This enables non-sandboxed Remote Code Execution — for example by overwriting the cursorsandbox helper so later commands run unsandboxed — with no user interaction beyond a benign prompt. This vulnerability is fixed in 3.0.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- cursor
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security-advisories@github.com
- CWE-22
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
🔐 CVE-2026-50548 & CVE-2026-50549 — Cursor IDE Sandbox Escape RCE 🔗 https://t.co/yWwIuxlbZf #CyberSecurity #ThreatIntel
@ThreatAft
6 Jul 2026
64 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Two CVSS 9.3 vulns in Cursor AI code editor. Info, incl. fix info, at vulnerability alert service, #SecAlerts: CVE-2026-50549: https://t.co/QLLNCs2Xgf CVE-2026-50548: https://t.co/rRvHpFXJE0 #ciso #cio #cto #vulnerabilities #cybersecurity #msp #mssp #CVE202650548 #CVE202650549
@SecAlertsCo
6 Jul 2026
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The new "DuneSlide" vulnerabilities in Cursor AI (CVE-2026-50548 & CVE-2026-50549) let attackers bypass sandbox protections using indirect prompt injection—zero clicks required. 🛑 See the fix & mitigation guide here 👇 🔗 https://t.co/4pKZJU8h69 #InfoSec #AI #De
@udaypatil077
4 Jul 2026
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Two Cursor flaws let one prompt escape the sandbox. DuneSlide (CVE-2026-50548, CVE-2026-50549): - CVSS 9.8, no click required - Prompt injection runs arbitrary commands on dev machines - Patched, but every Cursor build before the fix is exposed Update today, then audit your
@so_sthbryan
4 Jul 2026
81 Impressions
1 Retweet
1 Like
0 Bookmarks
1 Reply
0 Quotes
🚨 AI dev-tool security watch: Cato reports two critical Cursor IDE flaws, CVE-2026-50548 and CVE-2026-50549, that can turn prompt-injection exposure into sandbox escape and local code-execution risk. Cursor 3.0 includes fixes. #Cybersecurity #AI https://t.co/kFwszdCRyA
@Divinmentis
4 Jul 2026
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
2 Replies
0 Quotes
Critical Cursor AI Code Editor Flaws Could Lead to OS-Level Remote Code Execution - (CVE-2026-50548 and CVE-2026) 50549https://www.securityweek.com/critical-cursor-ai-ide-flaws-could-lead-to-os-level-remote-code-execution/
@SecurityWeek
3 Jul 2026
1830 Impressions
1 Retweet
3 Likes
0 Bookmarks
1 Reply
0 Quotes
1/3 Two critical flaws (CVE-2026-50548 and CVE-2026-50549, CVSS 9.8) in Cursor AI let prompt injection escape the sandbox and run commands on the developer's machine. No click needed. All versions before 3.0 are affected. Patch now. #CVE #PromptInjection #cybersecurity
@CyberTLDR
2 Jul 2026
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
DuneSlide: Two Critical RCE Vulnerabilities CVE-2026-50548 and CVE-2026-50549 via Zero-Click Prompt Injection in Cursor IDE via @CatoNetworks #Proficio #ThreatNews #Cybersecurity #MSSP #MDR https://t.co/HP4qAM5BDo
@proficioinc
2 Jul 2026
93 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Critical bugs in Cursor Desktop! 🚨 CVE-2026-50548 and CVE-2026-50549 allow AI agents to escape the sandbox and execute arbitrary code (RCE) on your host. Read the full technical breakdown and protection steps here: https://t.co/2L97WSoFlE #AISecurity #Infosec #CVE https://t
@denizhalilT
2 Jul 2026
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical - Sandbox Escape & RCE in Cursor AI Editor (CVE-2026-50549, CVE-2026-50548) Two critical vulnerabilities have been disclosed in Cursor's AI agent sandbox. Malicious agents can exploit canonicalization failures via symlinks or manipulate the working_directory
@UpwindMDR
6 Jun 2026
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:anysphere:cursor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "157F84FF-1732-49FF-BFB0-1A65EB76DAD2",
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]