
Critical Cursor AI IDE Vulnerabilities Allow Remote Code Execution via Prompt Injection

3h ago · 1 min read · en · News

Summary

Two critical vulnerabilities (CVE-2026-50548 and CVE-2026-50549) have been discovered in Cursor AI IDE, each with a CVSS score of 9.8. Named DuneSlide, these flaws enable remote code execution outside the IDE sandbox through prompt injection and automatic terminal command execution that bypasses user approval. Attackers can manipulate the sandbox's working_directory allow list by inducing victims to ingest malicious payloads.

Source

bsky · Critical Cursor AI IDE Vulnerabilities Allow Remote Code Execution via Prompt Injection · briefly.co

Key quotes

Cato Networks reports two critical Cursor vulnerabilities, CVE-2026-50548 and CVE-2026-50549, each with a CVSS score of 9.8, enabling remote code execution outside the IDE sandbox.
The defects are named DuneSlide and abuse automatic terminal command execution inside the sandbox that does not prompt for approval.
A victim can be induced to ingest an attacker-controlled payload that manipulates the sandbox working_directory allow list.
Snippet from the RSS feed
Two Cursor vulnerabilities enable remote code execution outside the IDE sandbox via prompt injection and terminal command execution without user approval.
