{"data":{"id":"60160742-12ca-41f5-9dbe-4a80bec03a77","title":"Sandbox bypass flaws in Cursor IDE highlight prompt injection as an RCE vector","summary":"Researchers discovered two sandbox bypass vulnerabilities (CVE-2026-50548 and CVE-2026-50549) in Cursor, a popular AI-assisted coding tool, that allow attackers to achieve RCE (remote code execution, where an attacker can run commands on a system they don't own) through prompt injection (tricking an AI by hiding instructions in its input). The flaws exploit logic errors in Cursor's command execution sandbox, the protective layer meant to prevent the internal AI agent from performing unauthorized actions on the operating system, and can be triggered when users unknowingly process malicious instructions from untrusted sources like web results or MCP servers (model context protocol servers, which provide external data to AI tools).","solution":"The two flaws were patched in version 3.0 of the Cursor IDE, which was released in April.","labels":["security"],"sourceUrl":"https://www.csoonline.com/article/4191923/sandbox-bypass-flaws-in-cursor-ide-highlight-prompt-injection-as-an-rce-vector.html","publishedAt":"2026-07-02T01:31:35.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection","supply_chain"],"issueType":"news","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["Cursor IDE","Cato Networks","MCP server"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-07-02T01:31:35.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}