Bottom line: The vulnerabilities CVE-2026-50548 and CVE-2026-50549 in Cursor endanger developers through prompt-based sandbox escapes with CVSS scores of 9.8 and 9.3.
Two flaws in the AI code editor Cursor make it possible to bypass the security sandbox via manipulated prompts and execute arbitrary commands on the developer’s computer – without user interaction or confirmation dialogs.
Cato AI Labs has discovered two critical flaws in the AI code editor Cursor and designated them as DuneSlide. The vulnerabilities are registered as CVE-2026-50548 and CVE-2026-50549, with CVSS ratings of 9.8 and 9.3 respectively. They allow attackers to break through the editor’s security sandbox and execute arbitrary commands on the affected system.
The critical feature of these vulnerabilities is that they require no user interaction – neither a click nor confirmation in a dialog window. A single, subtly formulated prompt is sufficient to trigger the escape condition. This makes the flaws particularly dangerous for developers who use Cursor with automated prompt handling or in integrated workflows.
For CTOs and security officers, this presents a significant risk: Cursor frequently runs as a development tool with direct access to source code repositories, IDE configurations, and local privileges. A successful exploit could provide access to sensitive files, credentials, or build systems.
Source: thehackernews.com · Published 1 July 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 of the EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.2.