RCE in Cursor
CVE-2026-31854
Cursor is a code editor built for programming with AI. Prior to 2.0, if a visited website contains maliciously crafted instructions, the model may attempt to follow them in order to “assist” the user. When combined with a bypass of the com…
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.001 (18.5th percentile)
Affected products
- Cursor — versions < 2.0
Weakness classification (CWE)
References
- https://github.com/cursor/cursor/security/advisories/GHSA-hf2x-r83r-qw5q (x_refsource_CONFIRM)