{"data":{"id":"3ce5f1dc-cbd1-4af1-bcb1-c16f891e5929","title":"CVE-2026-31854: Cursor is a code editor built for programming with AI. Prior to 2.0 ,if a visited website contains maliciously crafted i","summary":"Cursor is a code editor designed for programming with AI assistance. Before version 2.0, the software was vulnerable to prompt injection attacks (tricking the AI by hiding malicious instructions in website content), which could bypass the command whitelist (a list of allowed commands) and cause the AI to execute commands without the user's permission. This is a serious security flaw rated as HIGH severity.","solution":"This vulnerability is fixed in version 2.0.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-31854","publishedAt":"2026-03-11T17:16:58.917Z","cveId":"CVE-2026-31854","cweIds":["CWE-78"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Cursor"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-03-11T17:16:58.917Z","capecIds":["CAPEC-88"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}