Cursor · Cursor · CVE-2026-22708
**Name of the Vulnerable Software and Affected Versions**
Cursor versions prior to 2.3
**Description**
Cursor is a code editor designed for programming with AI. When the Cursor Agent operates in Auto-Run Mode with Allowlist mode enabled, certain shell built-ins can be executed without appearing on the allowlist and without user approval. This allows an attacker, through indirect or direct prompt injection, to compromise the shell environment by setting, modifying, or removing environment variables that impact trusted commands. This can lead to remote code execution (RCE).
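An added example, not Cursor's code or its fix: a command gate in Python that treats state-changing shell built-ins and variable assignments as requiring approval instead of letting them pass outside the allowlist. The built-in list, function names and sample values are assumptions; the advisory does not name the affected built-ins.

```python
import re
import shlex  # punctuation_chars + whitespace_split needs Python 3.8+

# Assumption: general bash built-ins that change shell or environment state.
# The advisory does not name the built-ins affected in Cursor.
STATE_CHANGING_BUILTINS = {
    "export", "unset", "declare", "typeset", "readonly", "alias", "unalias",
    "source", ".", "eval", "set", "shopt", "hash", "enable", "cd", "umask",
}
OPERATORS = set(";&|()")  # characters that separate simple commands
ASSIGNMENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\+?=")


def simple_commands(command_line):
    """Yield each simple command as a list of words.

    Not a full shell parser: quoted operators are also treated as
    separators, which only makes the gate stricter.
    """
    lexer = shlex.shlex(command_line.replace("\n", ";"), posix=True,
                        punctuation_chars=";&|()")
    lexer.whitespace_split = True
    lexer.commenters = ""
    current = []
    for token in lexer:
        if token and set(token) <= OPERATORS:
            if current:
                yield current
            current = []
        else:
            current.append(token)
    if current:
        yield current


def needs_approval(command_line, allowlist):
    """Return (word, reason) pairs; auto-run only when the list is empty."""
    try:
        commands = list(simple_commands(command_line))
    except ValueError:  # unbalanced quotes: do not guess, ask the user
        return [(command_line, "unparseable")]
    findings = []
    for words in commands:
        while words and ASSIGNMENT.match(words[0]):
            name = words.pop(0).split("=", 1)[0].rstrip("+")
            findings.append((name, "variable assignment"))
        if words and words[0] in STATE_CHANGING_BUILTINS:
            findings.append((words[0], "state-changing built-in"))
        elif words and words[0] not in allowlist:
            findings.append((words[0], "not on allowlist"))
    return findings
```

Every simple command in a chain is checked, so an allowlisted command later in the line does not vouch for a built-in or assignment earlier in it.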
**Recommendations**
Versions prior to 2.3 should be updated to version 2.3.