{"data":{"id":"06dc6494-c91f-4174-a750-0e2fb30dbb92","title":"CVE-2026-22708: Cursor is a code editor built for programming with AI. Prior to 2.3, when the Cursor Agent is running in Auto-Run Mode wi","summary":"Cursor is a code editor designed for programming with AI. Before version 2.3, when the Cursor Agent runs in Auto-Run Mode with Allowlist mode enabled (a security setting that restricts which commands can run), attackers could bypass this protection by using prompt injection (tricking the AI by hiding instructions in its input) to execute shell built-ins (commands implemented by the shell itself rather than as separate programs) and modify environment variables (settings that affect how programs behave). This vulnerability allows attackers to compromise the shell environment without user approval.","solution":"This vulnerability is fixed in 2.3.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-22708","publishedAt":"2026-01-14T17:16:08.980Z","cveId":"CVE-2026-22708","cweIds":["CWE-15","CWE-74","CWE-77","CWE-78","CWE-94","CWE-269","CWE-77"],"cvssScore":"9.8","cvssSeverity":"critical","severity":"critical","attackType":["prompt_injection","supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Cursor"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00064,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-122","CAPEC-242","CAPEC-88"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}