CVE Tools
Back to feed
SecurityWeek ·EN-US News source

Critical Cursor AI Code Editor Flaws Could Lead to OS-Level Remote Code Execution

By Ionut Arghire··2 min read
CVE Tools coverage

Cato Networks reports two critical vulnerabilities in the AI code editor Cursor that could enable remote code execution on the host operating system by escaping the IDE’s sandbox. The issues are tracked as CVE-2026-50548 and CVE-2026-50549 (CVSS 9.8), collectively referred to as DuneSlide, and they can be triggered through crafted prompts that abuse Cursor’s automatic terminal command execution and weaknesses in file path handling involving symbolic links. This matters because a malicious payload could move from an injected IDE action to unrestricted OS-level code execution.