Cursor DuneSlide: two critical sandbox escapes in the AI IDE (CVE-2026-50548 / -50549)
Two CVSS 9.3 flaws let a prompt-injected agent write outside Cursor's workspace and reach OS-level RCE. Patched in Cursor 3.0. Credit: Cato AI Labs.
Two CVSS 9.3 flaws let a prompt-injected agent write outside Cursor's workspace and reach OS-level RCE. Patched in Cursor 3.0. Credit: Cato AI Labs.