{"data":{"id":"5f22877d-1f9f-4af0-aede-3a4feca221a5","title":"Critical Cursor AI Code Editor Flaws Could Lead to OS-Level Remote Code Execution","summary":"Two critical vulnerabilities (CVE-2026-50548 and CVE-2026-50549, with CVSS score of 9.8, a 0-10 severity rating) in the Cursor AI code editor could allow attackers to execute code at the operating system level by exploiting the editor's automatic command execution without user approval. The first flaw allows attackers to change the working directory to bypass the sandbox (a restricted environment where code runs safely), while the second uses symbolic links (special files that point to other files) to write files outside the intended project directory and disable sandbox protections.","solution":"Patches for both vulnerabilities were included in Cursor 3.0, which was released on April 2.","labels":["security"],"sourceUrl":"https://www.securityweek.com/critical-cursor-ai-ide-flaws-could-lead-to-os-level-remote-code-execution/","publishedAt":"2026-07-03T07:57:53.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"critical","attackType":["prompt_injection","model_poisoning"],"issueType":"news","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Cursor"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-07-03T07:57:53.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"advanced","impactType":["integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}