Security · 2h ago
Cursor IDE Sandbox Flaws Enable Remote Code Execution via Prompt Injection
Two CVEs in Cursor IDE allow attackers to achieve remote code execution by poisoning inputs the AI agent reads, such as MCP server responses or web search results. The flaws, CVE-2026-50548 and CVE-2026-50549, bypass the command execution sandbox without requiring user interaction. A developer's normal prompt can inadvertently trigger the attack when the agent fetches malicious content from untrusted sources.
Meridian48 take
The disclosure underscores a fundamental security challenge for AI coding tools: sandboxing is only as strong as the model's ability to distinguish data from instructions, and these CVEs show that boundary is still porous.
cursor-ideprompt-injection