The Hacker News
July 01, 2026 at 14:42 UTC
Critical Cursor Flaws Could Let Prompt Injection Escape Sandbox and Run Commands
By The Hacker News
AI Summary
Cato AI Labs discovered two critical flaws in the Cursor AI code editor, tracked as CVE-2026-50548 and CVE-2026-50549 (both rated 9.8 CVSS), collectively named DuneSlide, which allow a malicious prompt injection to break out of the editor's sandbox and execute arbitrary commands on a developer's machine with no user interaction. The vulnerabilities are particularly dangerous for developer workstations handling sensitive code and secrets.
Relevance score: 81.0/100