CVE-2026-31854

High CVSS: 8.7

Cursor is a code editor built for programming with AI. Prior to 2.0 ,if a visited website contains maliciously crafted instructions, the model may attempt to follow them in order to “assist” the user. When combined with a bypass of the command whitelist mechanism, such indirect prompt injections could result in commands being executed automatically, without the user’s explicit intent, thereby posing a significant security risk. This vulnerability is fixed in 2.0.

Vendor

Anysphere

Product

Cursor

CWE

CWE-78

Yayın Tarihi

2026-03-11 17:16:58

Güncelleme

2026-03-20 16:34:35

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-78 Cursor HIGH Anysphere 2026

Referanslar

https://github.com/cursor/cursor/security/advisories/GHSA-hf2x-r83r-qw5q

Benzer Kayıtlar

High

CVE-2026-26268

Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in ver…

High

CVE-2026-22708

Cursor is a code editor built for programming with AI. Prior to 2.3, hen the Cursor Agent is running in Auto-Run Mode wi…

High

CVE-2025-64110

Cursor is a code editor built for programming with AI. In versions 1.7.23 and below, a logic bug allows a malicious agen…

High

CVE-2025-64106

Cursor is a code editor built for programming with AI. In versions 1.7.28 and below, an input validation flaw in Cursor'…

High

CVE-2025-64107

Cursor is a code editor built for programming with AI. In versions 1.7.52 and below, manipulating internal settings may…

High

CVE-2025-64108

Cursor is a code editor built for programming with AI. In versions 1.7.44 and below, various NTFS path quirks allow a pr…