CVE-2026-50549

Published Jun 25, 2026

Last updated 10 days ago

Overview

Description
Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default. Before a Write, the agent canonicalizes the target path to confirm it stays inside the workspace, but when canonicalization fails it falls back to the original path and writes without approval. A malicious agent can create an in-workspace symlink that points outside the workspace and force canonicalization to fail — either because the target does not exist or because read permission is removed from the path — so the agent writes through the symlink to an arbitrary location without approval. A malicious agent could write arbitrary files outside the workspace under the user's privileges. This enables non-sandboxed Remote Code Execution — for example by overwriting the cursorsandbox helper so later commands run unsandboxed — with no user interaction beyond a benign prompt. This vulnerability is fixed in 3.0.
Source
security-advisories@github.com
NVD status
Analyzed
Products
cursor

Risk scores

CVSS 4.0

Type
Secondary
Base score
9.3
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
CRITICAL

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

security-advisories@github.com
CWE-59

Social media

Hype score
Not currently trending
  1. 🔐 CVE-2026-50548 & CVE-2026-50549 — Cursor IDE Sandbox Escape RCE 🔗 https://t.co/yWwIuxlbZf #CyberSecurity #ThreatIntel

    @ThreatAft

    6 Jul 2026

    66 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Two CVSS 9.3 vulns in Cursor AI code editor. Info, incl. fix info, at vulnerability alert service, #SecAlerts: CVE-2026-50549: https://t.co/QLLNCs2Xgf CVE-2026-50548: https://t.co/rRvHpFXJE0 #ciso #cio #cto #vulnerabilities #cybersecurity #msp #mssp #CVE202650548 #CVE202650549

    @SecAlertsCo

    6 Jul 2026

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. The new "DuneSlide" vulnerabilities in Cursor AI (CVE-2026-50548 & CVE-2026-50549) let attackers bypass sandbox protections using indirect prompt injection—zero clicks required. 🛑 See the fix & mitigation guide here 👇 🔗 https://t.co/4pKZJU8h69 #InfoSec #AI #De

    @udaypatil077

    4 Jul 2026

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Two Cursor flaws let one prompt escape the sandbox. DuneSlide (CVE-2026-50548, CVE-2026-50549): - CVSS 9.8, no click required - Prompt injection runs arbitrary commands on dev machines - Patched, but every Cursor build before the fix is exposed Update today, then audit your

    @so_sthbryan

    4 Jul 2026

    81 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  5. 🚨 AI dev-tool security watch: Cato reports two critical Cursor IDE flaws, CVE-2026-50548 and CVE-2026-50549, that can turn prompt-injection exposure into sandbox escape and local code-execution risk. Cursor 3.0 includes fixes. #Cybersecurity #AI https://t.co/kFwszdCRyA

    @Divinmentis

    4 Jul 2026

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    2 Replies

    0 Quotes

  6. 1/3 Two critical flaws (CVE-2026-50548 and CVE-2026-50549, CVSS 9.8) in Cursor AI let prompt injection escape the sandbox and run commands on the developer's machine. No click needed. All versions before 3.0 are affected. Patch now. #CVE #PromptInjection #cybersecurity

    @CyberTLDR

    2 Jul 2026

    60 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. DuneSlide: Two Critical RCE Vulnerabilities CVE-2026-50548 and CVE-2026-50549 via Zero-Click Prompt Injection in Cursor IDE via @CatoNetworks #Proficio #ThreatNews #Cybersecurity #MSSP #MDR https://t.co/HP4qAM5BDo

    @proficioinc

    2 Jul 2026

    93 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Critical bugs in Cursor Desktop! 🚨 CVE-2026-50548 and CVE-2026-50549 allow AI agents to escape the sandbox and execute arbitrary code (RCE) on your host. Read the full technical breakdown and protection steps here: https://t.co/2L97WSoFlE #AISecurity #Infosec #CVE https://t

    @denizhalilT

    2 Jul 2026

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨 Critical - Sandbox Escape & RCE in Cursor AI Editor (CVE-2026-50549, CVE-2026-50548) Two critical vulnerabilities have been disclosed in Cursor's AI agent sandbox. Malicious agents can exploit canonicalization failures via symlinks or manipulate the working_directory

    @UpwindMDR

    6 Jun 2026

    60 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.