The Hacker NewsThursday · July 2, 2026FREE

Critical Cursor Flaws Could Let Prompt Injection Escape Sandbox and Run Commands

cursorai-codingprompt-injectionsandbox-escapesecurity

Critical vulnerabilities have been identified in Cursor, an AI-powered code editor, that could allow prompt injection attacks to escape the application's sandbox and execute arbitrary commands on the underlying system. The flaws, reported by security researchers, bypass the security restrictions designed to isolate AI-generated code and prompts from the host environment. This means an attacker could craft a malicious prompt that, when processed by Cursor, would break out of the sandbox and run commands with the user's privileges. The impact is significant because Cursor is widely used by developers for AI-assisted coding, and the sandbox is a key security feature meant to prevent AI-generated code from causing harm. The vulnerabilities could be exploited through various vectors, including opening a malicious file or visiting a compromised repository. The researchers demonstrated that the sandbox escape could lead to remote code execution, data exfiltration, and persistent access. The findings highlight the challenges of securing AI coding assistants that execute code and process untrusted input. Cursor has been notified and is working on fixes, but no specific patch version or timeline has been announced.

// why it matters

Developers using Cursor risk system compromise from prompt injection attacks that bypass the sandbox.

Sources

Primary · The Hacker News
▸ Read original at thehackernews.com

Like this? Get the next digest.