
Cursor IDE Critical RCE Flaws Let Attackers Overwrite System Files via Prompt Injection
Two critical remote code execution flaws in Cursor IDE let attackers exploit prompt injection to escape the editor’s sandbox and take over developer machines. Cato AI Labs has disclosed these vulnerabilities, collectively named “DuneSlide,” affecting the AI-powered code editor used by more than half of the Fortune 500. Both flaws, tracked as CVE-2026-50548 and CVE-2026-50549, […]
The post Cursor IDE Critical RCE Flaws Let Attackers Overwrite System Files via Prompt Injection appeared first on Cyber Security News.