Home / Jul 05, 2026 / Story
0
#3 SecurityWeek general July 03, 2026 at 07:57 UTC

Critical Cursor AI Code Editor Flaws Could Lead to OS-Level Remote Code Execution

By Ionut Arghire

AI Summary

A set of critical vulnerabilities dubbed DuneSlide in the Cursor AI code editor enable zero-click prompt injection attacks that escape the application's sandbox and achieve OS-level remote code execution. Given Cursor's growing adoption among developers, these flaws pose supply-chain-adjacent risks where malicious code or untrusted prompts in a developer's workflow could fully compromise the host machine.

Relevance score: 84.0/100

# More from July 05