← Back to Vulnerability Reports CVE Intelligence

CVE-2026-50548

Anysphere CursorCRITICAL · CVSS 9.8 In the wild

What is CVE-2026-50548?

Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default, and the sandbox grants write access to the command's working directory. A flaw was identified in how the agent could modify the working_directory parameter, which could cause the sandbox to include writable paths outside the intended workspace. A malicious agent could set working_directory to a sensitive location and write arbitrary files outside the workspace under the user's privileges. This enables non-sandboxed Remote Code Execution — for example by overwriting the cursorsandbox helper so later commands run unsandboxed — with no user interaction beyond a benign prompt. This vulnerability is fixed in 3.0.

CVSS9.8 NVD 3.1
SeverityCRITICAL
Exploitation In the wild
EPSS1% · P46
Triage statusActive Exploit
ActionPatch within 48 hours
CVSS vectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD published2026-06-25
NVD last modified2026-06-26

Timeline

  • 2026-06-25Published to the U.S. National Vulnerability Database (NVD)
  • 2026-06-26NVD record last updated

Affected product

Anysphere Cursor

Remediation Steps

  1. Update Cursor to the latest patched version
  2. Disable or restrict execution of untrusted code snippets and prompts
  3. Review Cursor's sandbox configuration and security settings
  4. Educate users on risks of prompt injection attacks

Referenced in our briefings & reports

Browse all tracked CVEs in the defend.network CVE database →

🤖 This CVE page is generated by defend.network from NVD, CISA KEV, EPSS, and our verified daily briefings. Severity and exploitation data come from official sources; always verify remediation steps against the official vendor advisory before acting in production.

Get Critical CVE Alerts

Subscribe free and hear about actively exploited CVEs like this one first.