cursor
Top products
Latest CVEs
The 14 most recently published vulnerabilities affecting cursor.
- CVE-2026-50548Cursor Desktop sandbox escape via agent-controlled working directory9.8
- CVE-2026-50549Cursor Desktop sandbox escape via symlink and failed path canonicalization9.8
- CVE-2025-62354Improper neutralization of special elements used in an OS command ('command injection') in Cursor allows an unauthorized attacker to execute commands that are outside of those specified in the allo...9.8
- CVE-2025-61593Cursor CLI Agent: Sensitive File Overwrite Bypass7.1
- CVE-2025-61592Cursor CLI: Arbitrary Code Execution Possible through Permissive CLI Config8.8
- CVE-2025-61591Cursor CLI's Cursor Agent MCP OAuth2 Communication is Vulnerable to Remote Code Execution8.8
- CVE-2025-61590Cursor is vulnerable to RCE via .code-workspace files using Prompt Injection7.5
- CVE-2025-61589Cursor: Potential Information Leakage via Mermaid Diagram5.9
- CVE-2025-54130Cursor Agent is vulnerable prompt injection via Editor Special Files7.5
- CVE-2025-54135Cursor Agent is vulnerable to prompt injection via MCP Special Files8.5
- CVE-2025-54136Cursor's Modification of MCP Server Definitions Bypasses Manual Re-approvals7.2
- CVE-2025-54133Cursor's MCP Install Deeplink Does Not Show Arguments in its User-Dialog9.6
- CVE-2025-54132Cursor's Mermaid Diagram Tool is Vulnerable to an Arbitrary Image Fetch4.4
- CVE-2025-54131Cursor bypasses its allow list to execute arbitrary commands6.4