{"data":{"id":"82b3008b-0119-4a9f-aa34-175f6ff85600","title":"Cursor AI Vulnerability Exposed Developer Devices","summary":"A security flaw in Cursor AI could allow attackers to gain shell access (the ability to run commands on a computer) by combining three techniques: indirect prompt injection (hiding malicious instructions in data that the AI reads rather than typing them directly), a sandbox bypass (escaping the restricted environment meant to contain the AI), and Cursor's remote tunnel feature (which allows access to machines over the internet). This chain of attacks could expose developer devices to unauthorized access.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://www.securityweek.com/cursor-ai-vulnerability-exposed-developer-devices/","publishedAt":"2026-04-17T07:29:16.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection"],"issueType":"news","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Cursor"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-04-17T07:29:16.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"advanced","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}