{"data":{"id":"374f88d6-bf53-4ad3-b673-9c6ef6c31d51","title":"CVE-2026-26268: Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in ver","summary":"Cursor, a code editor designed for programming with AI, had a sandbox escape vulnerability in versions before 2.5 where a malicious agent (an attacker using prompt injection, which is tricking an AI by hiding instructions in its input) could write to unprotected .git configuration files, including git hooks (scripts that run automatically when Git performs certain actions). This could lead to RCE (remote code execution, where an attacker runs commands on a system they don't control) when those hooks were triggered, with no user action needed.","solution":"Fixed in version 2.5.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-26268","publishedAt":"2026-02-13T17:16:14.227Z","cveId":"CVE-2026-26268","cweIds":["CWE-862"],"cvssScore":"8","cvssSeverity":"high","severity":"high","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Cursor"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00042,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-122"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}