CVE-2026-26268: Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in ver
Summary
Cursor, a code editor designed for programming with AI, had a sandbox escape vulnerability in versions before 2.5. A malicious agent (an attacker using prompt injection, that is, tricking an AI by hiding instructions in its input) could write to unprotected .git configuration files, including Git hooks (scripts that run automatically when Git performs certain actions). This could lead to RCE (remote code execution, where an attacker runs commands on a system they don't control) when those hooks were triggered, with no user action needed.
Solution / Mitigation
Fixed in version 2.5.
Vulnerability Details
8 (high)
EPSS: 0.0%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-26268
First tracked: February 13, 2026 at 01:32 PM