Auth bypass in Cursor
CVE-2026-61613
Cursor is a code editor built for programming with AI. Prior to the Cloud Agent fix on 03/31/2026, browser-enabled Cursor Cloud Agent sessions allowed attacker-controlled web content to connect from inside the agent container to an unauthe…
Vulnerability class: Broken Authentication
Affected products
- Cursor — versions < 03/31/2026
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)