Sandbox bypass flaws in Cursor IDE highlight prompt injection as an RCE vector
Summary
Researchers discovered two sandbox bypass vulnerabilities (CVE-2026-50548 and CVE-2026-50549) in Cursor, a popular AI-assisted coding tool, that allow attackers to achieve RCE (remote code execution, where an attacker can run commands on a system they don't own) through prompt injection (tricking an AI by hiding instructions in its input). The flaws exploit logic errors in Cursor's command execution sandbox, the protective layer meant to prevent the internal AI agent from performing unauthorized actions on the operating system, and can be triggered when users unknowingly process malicious instructions from untrusted sources like web results or MCP servers (model context protocol servers, which provide external data to AI tools).
Solution / Mitigation
The two flaws were patched in version 3.0 of the Cursor IDE, which was released in April.
Classification
Affected Vendors
Related Issues
Original source: https://www.csoonline.com/article/4191923/sandbox-bypass-flaws-in-cursor-ide-highlight-prompt-injection-as-an-rce-vector.html
First tracked: July 2, 2026 at 02:01 AM
Classified by LLM (prompt v3) · confidence: 92%