Critical Cursor Flaws Could Let Prompt Injection Escape Sandbox and Run Commands
Summary
Cursor, an AI code editor used by over half of Fortune 500 companies, had two critical flaws (CVE-2026-50548 and CVE-2026-50549, both rated 9.8/10 severity) that allowed attackers to use prompt injection (hiding malicious instructions in data the AI reads) to escape the sandbox (a restricted environment limiting what commands can access) and run any command on a developer's computer without requiring any user action. The attacks worked by tricking the AI into writing to restricted system files, either by abusing a folder parameter or exploiting a flaw in how the editor checked for symbolic links (shortcuts that point to files).
Solution / Mitigation
Both bugs are patched in Cursor 3.0, released April 2. All versions before 3.0 are affected, so users should update immediately.
Classification
Affected Vendors
Related Issues
Original source: https://thehackernews.com/2026/07/critical-cursor-flaws-could-let-prompt.html
First tracked: July 1, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 95%