#8 The Hacker News general July 01, 2026 at 14:42 UTC

Critical Cursor Flaws Could Let Prompt Injection Escape Sandbox and Run Commands

By The Hacker News

AI Summary

Cato AI Labs discovered two critical flaws in the Cursor AI code editor, tracked as CVE-2026-50548 and CVE-2026-50549 (both rated 9.8 CVSS), collectively named DuneSlide, which allow a malicious prompt injection to break out of the editor's sandbox and execute arbitrary commands on a developer's machine with no user interaction. The vulnerabilities are particularly dangerous for developer workstations handling sensitive code and secrets.

Relevance score: 81.0/100
