PT-2026-47154 · Undefined · Undefined
Published
2026-06-06
·
Updated
2026-06-06
·
CVE-2026-50548
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
🚨 Critical - Sandbox Escape & RCE in Cursor AI Editor (CVE-2026-50549, CVE-2026-50548)
Two critical vulnerabilities have been disclosed in Cursor's AI agent sandbox. Malicious agents can exploit canonicalization failures via symlinks or manipulate the working directory parameter to write arbitrary files outside the workspace under the user's privileges.
👉 Leads to unsandboxed Remote Code Execution (RCE) with zero user interaction | Upgrade Cursor to version 3.0 immediately to block these vectors
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Undefined