Path Traversal in Cursor
CVE-2026-50548
Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default, and the sandbox grants write access to the command's working directory. A flaw was identified in how the agen…
Vulnerability class: Path Traversal (Directory Traversal)
Affected products
- Cursor — versions < 3.0
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)