PT-2026-8013 · Cursor · Cursor

Daniel Teixeira · Published 2026-02-13 · Updated 2026-05-30 · CVE-2026-26268

CVSS v3.1: 9.9 Critical
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Cursor versions prior to 2.5

Description: A sandbox escape allows remote code execution (RCE) when the AI agent autonomously performs Git operations. A malicious actor can hide scripts in Git hooks inside nested bare repositories, or use prompt injection to write to improperly protected .git settings. When the AI agent executes routine commands, such as git checkout, these hooks are triggered automatically, without user interaction, warnings, or prompts, leading to unauthorized code execution on the developer's machine. The issue is facilitated by the AI agent's ability to execute system-level commands and by its interaction with the Cursor Rules file.

Recommendations: Update to version 2.5 or higher.
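As a defensive check for the condition described above, the following added example (not part of the advisory and not Cursor's fix) walks a workspace and reports Git directories nested below the workspace's own .git, along with any active hooks they carry. The function names, the HEAD/objects/refs heuristic for recognising a Git directory, and the sample path vendor/lib.git are assumptions made for illustration.

```python
import os
import tempfile

def is_git_dir(path):
    """A Git directory (bare repo or .git) holds HEAD plus objects/ and refs/."""
    return (os.path.isfile(os.path.join(path, "HEAD"))
            and os.path.isdir(os.path.join(path, "objects"))
            and os.path.isdir(os.path.join(path, "refs")))

def active_hooks(git_dir):
    """Hook files Git could run: anything in hooks/ that is not a *.sample template."""
    hooks = os.path.join(git_dir, "hooks")
    if not os.path.isdir(hooks):
        return []
    return sorted(n for n in os.listdir(hooks)
                  if not n.endswith(".sample")
                  and os.path.isfile(os.path.join(hooks, n)))

def audit_workspace(root):
    """Flag every Git directory that is nested below the workspace's own .git
    or that carries active hooks. Returns (relative_path, is_bare, hooks) tuples."""
    own = os.path.normpath(os.path.join(root, ".git"))
    findings = []
    for dirpath, dirnames, _ in os.walk(root):
        if not is_git_dir(dirpath):
            continue
        dirnames[:] = []  # do not descend into objects/, refs/, hooks/
        hooks = active_hooks(dirpath)
        nested = os.path.normpath(dirpath) != own
        if nested or hooks:
            is_bare = os.path.basename(dirpath) != ".git"
            rel = os.path.relpath(dirpath, root).replace(os.sep, "/")
            findings.append((rel, is_bare, hooks))
    return sorted(findings)

def build_sample(root):
    """Constructed workspace: a normal .git plus a bare repo hidden under vendor/."""
    for git_dir, hook in ((".git", "pre-commit.sample"), ("vendor/lib.git", "post-checkout")):
        base = os.path.join(root, *git_dir.split("/"))
        for sub in ("objects", "refs", "hooks"):
            os.makedirs(os.path.join(base, sub))
        with open(os.path.join(base, "HEAD"), "w") as f:
            f.write("ref: refs/heads/main\n")
        with open(os.path.join(base, "hooks", hook), "w") as f:
            f.write("#!/bin/sh\n# constructed placeholder, does nothing\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for path, is_bare, hooks in audit_workspace(tmp):
            print(f"{path}: bare={is_bare} active_hooks={hooks}")
```

Running such a check on a freshly cloned or untrusted repository before an agent is allowed to issue Git commands in it surfaces both cases the description names: a bare repository shipped inside the tree, and hooks written into the workspace's own .git.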

Exploit

Fix

RCE

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2026-26268
GHSA-8PCM-8JPX-HV8R

Affected Products

Cursor