The Hacker News ·EN News source
Critical Cursor Flaws Could Let Prompt Injection Escape Sandbox and Run Commands
CVE Tools coverage
AI code editor Cursor has two critical issues, tracked as CVE-2026-50548 and CVE-2026-50549, where prompt injection can bypass Cursor’s command sandbox and execute arbitrary commands on a developer’s machine without any user click or approval. The flaws matter because they allow attackers to neutralize the safety boundary using seemingly normal inputs (such as content read via MCP or web results), potentially leading to full local compromise and access to connected workspaces. Cursor fixed both problems in Cursor 3.0; all versions prior to 3.0 are affected.