Critical Cursor AI Code Editor Flaws Could Lead to OS-Level Remote Code Execution
Summary
Two critical vulnerabilities (CVE-2026-50548 and CVE-2026-50549, with CVSS score of 9.8, a 0-10 severity rating) in the Cursor AI code editor could allow attackers to execute code at the operating system level by exploiting the editor's automatic command execution without user approval. The first flaw allows attackers to change the working directory to bypass the sandbox (a restricted environment where code runs safely), while the second uses symbolic links (special files that point to other files) to write files outside the intended project directory and disable sandbox protections.
Solution / Mitigation
Patches for both vulnerabilities were included in Cursor 3.0, which was released on April 2.
Classification
Affected Vendors
Related Issues
CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling
CVE-2026-30308: In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe comman
Original source: https://www.securityweek.com/critical-cursor-ai-ide-flaws-could-lead-to-os-level-remote-code-execution/
First tracked: July 3, 2026 at 08:00 AM
Classified by LLM (prompt v3) · confidence: 92%