
Sandbox bypass flaws in Cursor IDE highlight prompt injection as an RCE vector
Researchers have discovered two vulnerabilities in the widely used Cursor AI-enabled integrated development environment (IDE) that can be exploited through prompt injection to achieve remote code execution (RCE).
The two flaws, tracked as CVE-2026-50548 and CVE-2026-50549, allow attackers to break out of Cursor’s command execution sandbox, the protective layer that’s supposed to prevent the internal AI agent from performing rogue actions on the underlying operating system.
“The exploit requires no prior user privileges or specific user interaction,” researchers from Cato Networks, who found the flaws, said in their report. “It is triggered when a victim makes an innocuous prompt that inadver...