Vulnerability in Cursor
CVE-2026-50549
Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default. Before a Write, the agent canonicalizes the target path to confirm it stays inside the workspace, but when ca…
Affected products
- Cursor — versions < 3.0
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)