Critical Cursor Flaws Let Prompt Injection Escape Sandbox
Two vulnerabilities in Cursor, an AI code editor, allow prompt injection to bypass the safety sandbox and execute arbitrary commands on a developer's machine. Tracked as CVE-2026-50548 and CVE-2026-50549, both have CVSS scores of 9.8. The flaws, dubbed DuneSlide, were discovered by Cato AI Labs.
Meridian48 take
The high severity underscores the risk of AI-assisted coding tools, where a single malicious prompt can compromise an entire development environment.
Read the full reporting
Critical Cursor Flaws Could Let Prompt Injection Escape Sandbox and Run Commands →
The Hacker News
cursor, prompt-injection