{"data":{"id":"4c9a880a-2e40-4ad2-b9e3-544415bc27c8","title":"CVE-2026-50548: Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by","summary":"Cursor is a code editor that uses AI to help with programming. Before version 3.0, Cursor had a security flaw where an AI agent could trick the sandbox (a restricted environment that limits what code can do) into allowing file writes to sensitive locations outside the workspace, potentially letting malicious code run with full user permissions without any protection.","solution":"This vulnerability is fixed in 3.0.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-50548","publishedAt":"2026-06-25T19:16:39.660Z","cveId":"CVE-2026-50548","cweIds":["CWE-22"],"cvssScore":null,"cvssSeverity":null,"severity":"critical","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Cursor"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-25T19:16:39.660Z","capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":["AML.T0010"]}}