Cursor IDE Hit by Two Sandbox-Bypass Flaws Enabling Remote Code Execution
Security researchers at Cato Networks have disclosed two vulnerabilities in Cursor IDE, tracked as CVE-2026-50548 and CVE-2026-50549, that allow attackers to bypass the AI agent's command execution sandbox and achieve remote code execution. The flaws exploit prompt injection, a technique where malicious instructions are hidden inside content the AI agent fetches from sources like MCP servers or web search results. No prior privileges or deliberate user interaction are required — a developer simply typing a routine prompt is enough to trigger the attack. Once the agent ingests the poisoned content, it misinterprets the embedded instructions as legitimate commands and executes them outside the intended sandbox boundary. Cursor's sandbox was designed to prevent exactly this kind of host-level access, making the bypass particularly significant for developers relying on AI-assisted coding tools.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
