{"data":{"id":"9484a970-1142-4ca0-afc0-65855ddf00cc","title":"CVE-2026-61613: Cursor is a code editor built for programming with AI. Prior to the Cloud Agent fix on 03/31/2026, browser-enabled Curso","summary":"Cursor is a code editor that uses AI to help with programming. Before a fix on March 31, 2026, attackers could use malicious web content to connect to an unprotected local endpoint (a communication point on a user's computer) in Cursor's Cloud Agent, allowing them to run code, steal files, access environment variables (settings that programs use), steal credentials (login information), and take GitHub App access tokens (digital keys that grant permissions to GitHub accounts).","solution":"This issue was fixed on 03/31/2026 by requiring authentication for the relevant agent endpoint.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-61613","publishedAt":"2026-07-15T15:16:47.700Z","cveId":"CVE-2026-61613","cweIds":["CWE-306"],"cvssScore":null,"cvssSeverity":null,"severity":"critical","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Cursor"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-07-15T15:16:47.700Z","capecIds":["CAPEC-115"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}