Cursor AI Editor Vulnerabilities Allow Command Execution
Two critical vulnerabilities in the Cursor AI code editor, collectively named DuneSlide and tracked as CVE-2026-50548 and CVE-2026-50549, could let an attacker execute arbitrary commands on a developer's machine. Identified by Cato AI Labs, the two flaws carry CVSS scores of 9.8 and 9.3 out of 10. Exploitation relies on prompt injection that bypasses the editor's sandbox with no user interaction: the victim does not have to click a button or approve a prompt.
In its security advisory, Cato AI Labs explained that a malicious prompt can break out of the confines the editor places on AI-driven actions and then run any command on the developer's host system. The exploit is particularly concerning because it does not depend on social engineering, such as tricking a user into clicking a malicious link or approving an unexpected dialog box. Instead, the weakness lies in how Cursor itself processes prompts and interacts with the underlying operating system.
Cursor, developed by Anysphere, is an AI-first code editor that integrates large language models directly into the development workflow to assist with tasks such as code generation, debugging, and documentation. The high CVSS scores indicate a significant risk to developers who rely on Cursor, and the absence of any user-interaction requirement makes these flaws a potent vector for remote code execution.
Original source: read the full reporting at the publisher, The Hacker News.