Critical Cursor IDE RCE Vulnerabilities Enable Prompt Injection in Zero-Click
6 Articles
6 Articles
Cursor IDE Vulnerabilities Let Prompt Injection Escape the Sandbox
Two critical Cursor IDE vulnerabilities, dubbed DuneSlide, let prompt injection break the editor's command sandbox with no click required. Both are fixed in Cursor 3.0. Cursor IDE Vulnerabilities Let Prompt Injection Escape the Sandbox on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
Critical Cursor IDE Flaws Let Attackers Execute Code via Zero-Click Prompt Injection
Two significant remote code execution (RCE) vulnerabilities in the widely used Cursor ID expose developers to zero-click attacks driven by prompt injection. These vulnerabilities, tracked as CVE-2026-50548 and CVE-2026-50549, collectively known as “DuneSlide,” carry a CVSS score of 9.8. They demonstrate how development environments powered by large language models (LLMs) can unintentionally increase the attack […] The post Critical Cursor IDE Fl…
Sandbox bypass flaws in Cursor IDE highlight prompt injection as an RCE vector
Researchers have discovered two vulnerabilities in the widely used Cursor AI-enabled integrated development environment (IDE) that can be exploited through prompt injection to achieve remote code execution (RCE). The two flaws, tracked as CVE-2026-50548 and CVE-2026-50549, allow attackers to break out of Cursor’s command execution sandbox, the protective layer that’s supposed to prevent the internal AI agent from performing rogue actions on the …
Critical Cursor IDE RCE Vulnerabilities Enable Prompt Injection in Zero-Click
Two critical remote code execution (RCE) vulnerabilities in Cursor IDE, the AI-power Cato AI Labs has disclosed two flaws, dubbed ” DuneSlide, ” both of which carry a 9.8 CVSS severity score and were assigned CVE-2026-50548 and CVE-2026-50549, allowing attackers to break out of Cursor’s sandbox entirely. The vulnerabilities demonstrate that prompt injection attacks can […] The post Critical Cursor IDE RCE Vulnerabilities Enable Prompt Injection …
Critical Cursor Flaws Could Let Prompt Injection Escape Sandbox and Run Commands
Two flaws in Cursor, an AI code editor, could let a single, ordinary-looking prompt break out of the editor's safety sandbox and run any command on a developer's computer. There is no click to fall for and no approval box to ignore. Cato AI Labs found the pair and named them DuneSlide. They are tracked as CVE-2026-50548 and CVE-2026-50549, both rated 9.8 out of 10 (or 9.3

Coverage Details
Bias Distribution
- There is no tracked Bias information for the sources covering this story.
Factuality
To view factuality data please Upgrade to Premium



