← Back to Vulnerability Reports CVE Intelligence

CVE-2026-50549

Anysphere CursorCRITICAL · CVSS 9.8 In the wild

What is CVE-2026-50549?

Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default. Before a Write, the agent canonicalizes the target path to confirm it stays inside the workspace, but when canonicalization fails it falls back to the original path and writes without approval. A malicious agent can create an in-workspace symlink that points outside the workspace and force canonicalization to fail — either because the target does not exist or because read permission is removed from the path — so the agent writes through the symlink to an arbitrary location without approval. A malicious agent could write arbitrary files outside the workspace under the user's privileges. This enables non-sandboxed Remote Code Execution — for example by overwriting the cursorsandbox helper so later commands run unsandboxed — with no user interaction beyond a benign prompt. This vulnerability is fixed in 3.0.

CVSS9.8 NVD 3.1
SeverityCRITICAL
Exploitation In the wild
EPSS1% · P46
Triage statusActive Exploit
ActionPatch within 48 hours
CVSS vectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD published2026-06-25
NVD last modified2026-06-26

Timeline

  • 2026-06-25Published to the U.S. National Vulnerability Database (NVD)
  • 2026-06-26NVD record last updated

Affected product

Anysphere Cursor

Remediation Steps

  1. Update Cursor to the latest patched version
  2. Disable or restrict execution of untrusted code snippets and prompts
  3. Review Cursor's sandbox configuration and security settings
  4. Educate users on risks of prompt injection attacks

Referenced in our briefings & reports

Browse all tracked CVEs in the defend.network CVE database →

🤖 This CVE page is generated by defend.network from NVD, CISA KEV, EPSS, and our verified daily briefings. Severity and exploitation data come from official sources; always verify remediation steps against the official vendor advisory before acting in production.

Get Critical CVE Alerts

Subscribe free and hear about actively exploited CVEs like this one first.