CVE-2026-31854

Name of the Vulnerable Software and Affected Versions Cursor versions prior to 2.0

Description Cursor is a code editor designed for programming with AI. Prior to version 2.0, if a visited website contained maliciously crafted instructions, the model could attempt to follow them to assist the user. When combined with a bypass of the command whitelist mechanism, these indirect prompt injections could result in commands being executed automatically, without the user’s explicit intent, posing a significant security risk.

Recommendations Update to version 2.0 or later.