Skip to content

Critical Vulnerabilities in Cursor Enable Sandbox Bypass

Bottom line: Two critical vulnerabilities in Cursor enable attackers to bypass the sandbox and execute code without user interaction.

The AI IDE Cursor contains two critical security flaws that allow zero-click prompt injection and arbitrary code execution on the host system. Attackers can use these to completely circumvent sandbox mechanisms.

Two critical security vulnerabilities have been identified in the AI IDE Cursor that enable attackers to conduct prompt injection attacks without user interaction and subsequently execute arbitrary code on the host system. The vulnerabilities allow attackers to completely bypass the intended sandbox restrictions.

These gaps create a critical attack surface for organizations deploying Cursor in development. An attacker could leverage manipulated inputs or LLM-mediated exploits to achieve system code execution on end-user machines without requiring the user to perform any suspicious action.

The update to version 3.0 is classified as mandatory. For CISOs, this means immediate review of Cursor deployments within the enterprise and mandatory updates for all users is required. Until then, Cursor usage with insecure or untrusted data sources should be discontinued.


Source: www.security-insider.de · Published 6 July 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.3.

Share on: