CVE-2026-26268

High CVSS: 8.0

Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent (ie prompt injection) could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time they are triggered. No user interaction was required as Git executes these commands automatically. Fixed in version 2.5.

Vendor

Anysphere

Product

Cursor

CWE

CWE-862

Yayın Tarihi

2026-02-13 17:16:14

Güncelleme

2026-02-18 17:59:35

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-862 Cursor HIGH Anysphere 2026

Referanslar

https://github.com/cursor/cursor/security/advisories/GHSA-8pcm-8jpx-hv8r

Benzer Kayıtlar

High

CVE-2026-31854

Cursor is a code editor built for programming with AI. Prior to 2.0 ,if a visited website contains maliciously crafted i…

High

CVE-2026-22708

Cursor is a code editor built for programming with AI. Prior to 2.3, hen the Cursor Agent is running in Auto-Run Mode wi…

High

CVE-2025-64110

Cursor is a code editor built for programming with AI. In versions 1.7.23 and below, a logic bug allows a malicious agen…

High

CVE-2025-64106

Cursor is a code editor built for programming with AI. In versions 1.7.28 and below, an input validation flaw in Cursor'…

High

CVE-2025-64107

Cursor is a code editor built for programming with AI. In versions 1.7.52 and below, manipulating internal settings may…

High

CVE-2025-64108

Cursor is a code editor built for programming with AI. In versions 1.7.44 and below, various NTFS path quirks allow a pr…