Critical Cursor IDE Flaws Enable Full Sandbox Escape and Remote Code Execution
RedSide Security July 01, 2026 Vulnerability 4 views
Two critical vulnerabilities in Cursor IDE, tracked as CVE-2026-50548 and CVE-2026-50549, allow attackers to escape the platform's sandbox and achieve full remote code execution through prompt injection. The flaws demonstrate how AI-driven coding agents can expose traditional software attack surfaces, leading to system compromise without user approval.