CVE-2026-50549: Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by
criticalvulnerability
security
Summary
Cursor, a code editor that uses AI to help with programming, had a security flaw in versions before 3.0 where its sandbox protection (a restricted environment that limits what programs can do) could be bypassed. An AI agent could create a symlink (a shortcut that points to a different location) inside the workspace to trick the editor into writing files outside the workspace without user approval, potentially allowing an attacker to run code with full system access.
Solution / Mitigation
This vulnerability is fixed in version 3.0.
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.0%
Disclosure Date
June 25, 2026
Classification
Attack Type
Supply Chain
Attack SophisticationModerate
Impact (CIA+S)
integrityavailability
Affected Vendors
Related Issues
Monthly digest — independent AI security research
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-50549
First tracked: June 25, 2026 at 08:13 PM
Classified by LLM (prompt v3) · confidence: 95%