CVE-2026-50549 – Cursor
“A sandbox loses its value the moment an attacker can write outside its walls.”
Cursor addressed two Critical vulnerabilities affecting versions prior to 3.0. Both issues allow a malicious AI agent to bypass workspace isolation and write arbitrary files outside the intended workspace using the privileges of the logged-in user. By escaping the intended sandbox boundaries, an attacker could modify sensitive files and ultimately enable execution of commands outside the sandbox.
CVE-2026-50548 has a CVSS score of 9.3, which is Critical severity. CVE-2026-50549 has a CVSS score of 9.3, which is Critical severity. The first vulnerability abuses manipulation of the agent's working directory, while the second exploits a symlink and path canonicalization bypass to write outside the workspace without approval. Verified exploitation has not been reported. Upgrading to Cursor 3.0 remediates both vulnerabilities.
Key Details
- Affected Product
- Anysphere Cursor
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- CWE Classification
- CWE-59