Critical Cursor Flaws Could Let Prompt Injection Escape Sandbox and Run Commands
Patched in Cursor 3.0, CVE-2026-50548 and CVE-2026-50549 could enable zero-click command execution via hidden instructions.
More info
