Cursor AI Vulnerability Exposed Developer Devices
Summary
A security flaw in Cursor AI could allow attackers to gain shell access (the ability to run commands on a computer) by combining three techniques: indirect prompt injection (hiding malicious instructions in data that the AI reads rather than typing them directly), a sandbox bypass (escaping the restricted environment meant to contain the AI), and Cursor's remote tunnel feature (which allows access to machines over the internet). This chain of attacks could expose developer devices to unauthorized access.
Classification
Affected Vendors
Related Issues
CVE-2026-30308: In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe comman
CVE-2026-40087: LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-str
Original source: https://www.securityweek.com/cursor-ai-vulnerability-exposed-developer-devices/
First tracked: April 17, 2026 at 08:00 AM
Classified by LLM (prompt v3) · confidence: 85%