{"data":{"id":"9ba88db6-ff4e-482e-b7f1-19d8cdc1f976","title":"CVE-2026-48124: Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute work","summary":"Cursor, a code editor designed for programming with AI assistance, had a security flaw in versions before 3.0.0 where it would automatically run commands from a settings file (.claude/settings.local.json) without asking the user first. An attacker could create a malicious workspace or file that executes harmful commands on the user's computer when the AI completes a task, potentially allowing them to escape security restrictions, maintain access across sessions, steal local data, or cause further damage.","solution":"Update Cursor to version 3.0.0 or later. According to the source, 'This issue has been fixed in version 3.0.0.'","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-48124","publishedAt":"2026-06-15T21:17:13.927Z","cveId":"CVE-2026-48124","cweIds":["CWE-94","CWE-829"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Cursor","Anthropic Claude"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-15T21:17:13.927Z","capecIds":["CAPEC-242","CAPEC-437"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":["AML.T0010"]}}