Sandbox bypass flaws in Cursor IDE highlight prompt injection as an RCE vector

Summary

Researchers have discovered two critical vulnerabilities, CVE-2026-50548 and CVE-2026-50549, in the Cursor AI-enabled IDE that allow for remote code execution through prompt injection. These flaws enable attackers to bypass the IDE's sandbox by tricking the AI agent into executing malicious code ingested from untrusted sources. Cursor has since patched these vulnerabilities in version 3.0.

IFF Assessment

FOE

This is bad news for defenders as it highlights a new attack vector for remote code execution by exploiting vulnerabilities in AI-powered development tools through prompt injection.

Severity

9.8 Critical

The vulnerabilities allow for remote code execution (RCE) without prior user privileges or specific interaction, indicating a high attack vector and severe impact on system confidentiality, integrity, and availability.

Defender Context

This incident underscores the growing threat of prompt injection attacks, especially in AI-integrated tools like IDEs. Defenders should be aware of how LLMs can be manipulated to execute unintended code and should scrutinize the security of AI-assisted applications.

Read Full Story →