Post
HIGH

Critical Cursor Flaws Let Prompt Injection Escape Sandbox

· llm · rce · cve · ai-safety

Cato AI Labs disclosed two flaws in the Cursor AI code editor, tracked as CVE-2026-50548 and CVE-2026-50549 and rated 9.8 and 9.3 respectively. Named DuneSlide, the bugs let a single crafted prompt escape Cursor’s sandbox and execute arbitrary commands on the developer’s machine, with no click-through or approval prompt required. This is a direct prompt-injection-to-RCE chain against a widely used AI coding tool, not a theoretical jailbreak. Cursor users should apply the vendor’s patch as soon as available and treat untrusted repository content processed by Cursor as executable input.