Two critical vulnerabilities in Cursor, tracked as CVE-2026-50548 and CVE-2026-50549, could enable command execution outside the editor's safety sandbox, affecting many Fortune 500 companies. The flaws, identified by Cato AI Labs and rated 9.8/10 in severity, can be exploited through prompt injection without user interaction, necessitating an immediate software update to the patched version 3.0.
Cursor, an AI code editing tool, has two critical vulnerabilities that could allow an attacker to execute arbitrary commands on a developer's computer. These vulnerabilities, identified by Cato AI Labs, are named DuneSlide and tracked under CVE-2026-50548 and CVE-2026-50549. Both are rated 9.8 out of 10 for severity, indicating a high risk that needs to be addressed.
The vulnerabilities exploit prompt injection, a method where an attacker places malicious instructions within normal user queries. With no user interaction needed, this exploitation is classified as 'zero-click.' The flaws allow the agent to write files it normally shouldn't by changing its working directory or circumventing safety checks.
CVE-2026-50548 allows the agent to overwrite the sandbox helper file because the 'working_directory' parameter is handled improperly. CVE-2026-50549 bypasses safety checks related to symbolic links, letting attackers abuse the editor's trust in in-project paths. Either flaw could enable command execution outside the limits the sandbox is meant to enforce.
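The two path-trust failures described above (a caller-controlled working directory and a symlink that resolves outside the project) are exactly what a containment check has to catch. The following is an added example, not Cursor's or Cato's code: a weak prefix-string check beside a hardened check that resolves symlinks and validates the working directory before trusting a path. The function names and the temporary directory layout are constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path


def naive_is_in_project(project_root: str, candidate: str) -> bool:
    # Weak check: compares normalized path strings only. A symlink that lives
    # inside the project but points outside it still "looks" in-project.
    root = os.path.normpath(project_root)
    path = os.path.normpath(os.path.join(project_root, candidate))
    return path == root or path.startswith(root + os.sep)


def hardened_is_in_project(project_root: str, candidate: str,
                           working_directory: str = ".") -> bool:
    # Resolve symlinks in the root, then confirm the caller-supplied working
    # directory itself stays inside the root before resolving the target
    # relative to it (the final component is resolved too, so a symlink at
    # the end of the path cannot redirect the write).
    root = Path(project_root).resolve(strict=True)
    cwd = (root / working_directory).resolve(strict=False)
    try:
        cwd.relative_to(root)
        (cwd / candidate).resolve(strict=False).relative_to(root)
    except ValueError:
        return False
    return True


def demo() -> dict:
    # Constructed layout: project/escape is a symlink to a sibling outside/ dir.
    with tempfile.TemporaryDirectory() as tmp:
        project = Path(tmp) / "project"
        outside = Path(tmp) / "outside"
        project.mkdir()
        outside.mkdir()
        (project / "escape").symlink_to(outside, target_is_directory=True)
        p = str(project)
        return {
            "naive_in_project_file": naive_is_in_project(p, "src/main.py"),
            "naive_symlink_escape": naive_is_in_project(p, "escape/helper.sh"),
            "hardened_in_project_file": hardened_is_in_project(p, "src/main.py"),
            "hardened_symlink_escape": hardened_is_in_project(p, "escape/helper.sh"),
            "hardened_dotdot": hardened_is_in_project(p, "../outside/helper.sh"),
            "hardened_bad_cwd": hardened_is_in_project(p, "helper.sh", "../outside"),
            "hardened_ok_cwd": hardened_is_in_project(p, "helper.sh", "src"),
        }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'allowed' if ok else 'rejected'}")
```

The naive check accepts the write through the symlink; the hardened one rejects it, the `..` traversal, and the out-of-root working directory, while still allowing ordinary in-project paths.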
Cursor 3.0, released on April 2, contains patches for these vulnerabilities. Users are strongly advised to update to this version, as prior versions remain exposed. Given that more than half of Fortune 500 companies use this tool, updating promptly is critical for protecting sensitive development environments.
This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors; check the original sources.