Cursor AI Editor Patched Two Critical 9.8-Severity Sandbox Escape Bugs
Security researchers at Cato AI Labs discovered two critical vulnerabilities, collectively named DuneSlide, in the Cursor AI code editor's sandbox system, both rated 9.8 out of 10 on the CVSS scale. The flaws allowed a zero-click sandbox escape, meaning attackers could plant hidden instructions in content the AI agent reads — such as web pages or MCP tool results — without any user interaction. Both bugs exploited the same underlying approach: tricking the agent into writing a file outside the project directory, then using that write to disable the sandbox entirely for subsequent commands. Cursor released patches in version 3.0 on April 2, roughly two and a half months before the public disclosure on July 1, following standard coordinated disclosure practices. The vulnerabilities affected all Cursor versions prior to 3.0, raising significant concern given that the tool is reportedly used by more than half of Fortune 500 companies.
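Both flaws, as summarized above, start with the agent being steered into writing a file outside the project directory. As an added illustration (not Cursor's code and not the researchers' proof of concept), the following Python containment check shows how a host could vet agent-initiated writes against the project root; the function names and the sample workspace are constructed for this example.

```python
"""Guard for agent-initiated file writes: reject any target that resolves
outside the project root. Added example, not Cursor's code; the function
names and the sample paths are constructed for illustration."""
import os
import tempfile


def resolve_write_target(project_root: str, requested: str) -> str:
    """Return the real filesystem path the write would land on.

    Relative paths are taken relative to the project root; absolute paths
    are kept as given so that an absolute path outside the root is caught.
    realpath() resolves "..", repeated separators and symlinks, including
    symlinks in intermediate components.
    """
    root = os.path.realpath(project_root)
    candidate = requested if os.path.isabs(requested) else os.path.join(root, requested)
    return os.path.realpath(candidate)


def write_allowed(project_root: str, requested: str) -> bool:
    """True only if the resolved target lies inside the project root."""
    root = os.path.realpath(project_root)
    target = resolve_write_target(project_root, requested)
    # commonpath avoids the prefix bug where "/proj2" would match "/proj".
    return os.path.commonpath([root, target]) == root


def demo() -> dict:
    """Build a constructed workspace containing a symlink that points outside
    it, then classify a few write requests. Returns request -> allowed."""
    base = tempfile.mkdtemp()
    proj = os.path.join(base, "proj")
    os.makedirs(os.path.join(proj, "src"))
    os.makedirs(os.path.join(base, "outside"))
    # A symlink inside the project that escapes to a sibling directory.
    os.symlink(os.path.join(base, "outside"), os.path.join(proj, "link"))
    requests = [
        "src/main.py",                       # ordinary in-project write
        "../outside/settings.json",          # traversal out of the project
        "link/settings.json",                # symlink escape
        os.path.join(base, "outside", "x"),  # absolute path outside
        os.path.join(proj, "src", "y"),      # absolute path inside
    ]
    return {r: write_allowed(proj, r) for r in requests}
```

A real host would apply the same check to every path the agent passes to a write tool and treat any rejected request as a signal worth logging, since a write aimed at sandbox configuration outside the workspace is exactly the step the summary describes.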
This is an AI-generated summary. ShortSingh links to the original source for the complete article.