{"data":{"id":"0810f221-4a2c-4330-9960-8cd49526ef31","title":"Critical Cursor Flaws Could Let Prompt Injection Escape Sandbox and Run Commands","summary":"Cursor, an AI code editor used by over half of Fortune 500 companies, had two critical flaws (CVE-2026-50548 and CVE-2026-50549, both rated 9.8/10 severity) that allowed attackers to use prompt injection (hiding malicious instructions in data the AI reads) to escape the sandbox (a restricted environment limiting what commands can access) and run any command on a developer's computer without requiring any user action. The attacks worked by tricking the AI into writing to restricted system files, either by abusing a folder parameter or exploiting a flaw in how the editor checked for symbolic links (shortcuts that point to files).","solution":"Both bugs are patched in Cursor 3.0, released April 2. All versions before 3.0 are affected, so users should update immediately.","labels":["security"],"sourceUrl":"https://thehackernews.com/2026/07/critical-cursor-flaws-could-let-prompt.html","publishedAt":"2026-07-01T14:42:54.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"critical","attackType":["prompt_injection"],"issueType":"news","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Cursor"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-07-01T14:42:54.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}