PT-2026-2918 · Cursor · Cursor

Danus365 · Published 2026-01-14 · Updated 2026-01-20 · CVE-2026-22708

CVSS v4.0: 7.2
Vector: AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Cursor versions prior to 2.3

Description
Cursor is a code editor designed for programming with AI. When the Cursor Agent operates in Auto-Run Mode with Allowlist mode enabled, certain shell built-ins can be executed without appearing on the allowlist and without user approval. This allows an attacker, through indirect or direct prompt injection, to compromise the shell environment by setting, modifying, or removing environment variables that impact trusted commands. This can lead to remote code execution (RCE).

Recommendations
Versions prior to 2.3 should be updated to version 2.3.
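
The allowlist gap in the description, seen from the approval gate's side, as an added example (not Cursor's code or its fix): a pre-execution check that sends any command line containing environment-changing built-ins or variable assignments to user approval instead of matching only program names against the allowlist. The built-in set, the function names and SOME_VAR are assumptions made for the example; the advisory does not list the affected built-ins.

```python
import re
import shlex

# Assumption: built-ins treated as environment-changing. The advisory does
# not list the affected built-ins; this set is chosen for the example.
ENV_BUILTINS = {"export", "unset", "declare", "typeset", "readonly"}
ASSIGNMENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\+?=")
CONTROL = set(";&|()")

def split_commands(line):
    """Split one line into simple commands at ; & | ( ) operators."""
    lexer = shlex.shlex(line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    commands, current = [], []
    for tok in lexer:
        if tok and set(tok) <= CONTROL:
            commands.append(current)
            current = []
        else:
            current.append(tok)
    commands.append(current)
    return [c for c in commands if c]

def review(text, allowlist):
    """Return (decision, reasons); decision is 'auto-run' or 'ask-user'."""
    reasons = []
    if "`" in text:
        reasons.append("backtick command substitution")
    for line in text.splitlines():
        try:
            commands = split_commands(line)
        except ValueError as exc:  # e.g. unbalanced quotes: do not guess
            reasons.append(f"unparsable input: {exc}")
            continue
        for words in commands:
            i = 0
            # Leading NAME=value words change the environment of what follows.
            while i < len(words) and ASSIGNMENT.match(words[i]):
                i += 1
            if i:
                reasons.append("variable assignment: " + " ".join(words[:i]))
            if i == len(words):
                continue
            if words[i] in ENV_BUILTINS:
                reasons.append("environment built-in: " + words[i])
            elif words[i] not in allowlist:
                reasons.append("not on allowlist: " + words[i])
    return ("ask-user" if reasons else "auto-run"), reasons
```

The check fails closed: input it cannot parse, and anything it cannot attribute to an allowlisted program, goes to the user.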

Fix · RCE · Special Elements Injection · Code Injection · Command Injection · OS Command Injection · Improper Privilege Management

Related Identifiers
CVE-2026-22708

Affected Products
Cursor