CVE-2026-50548
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk40th percentile — higher than 40% of all known CVEs
Summary
A vulnerability in Cursor before version 3.0 allows a malicious agent to modify the working_directory parameter, enabling file writes outside the intended workspace. This can lead to remote code execution without user interaction, e.g., by overwriting the cursorsandbox helper.
Risk Assessment
An attacker can gain full control over the victim's system by executing arbitrary code outside the sandbox, posing a serious threat to data confidentiality and integrity.
Recommendation
Immediately update Cursor to version 3.0 or later, which contains a fix for this vulnerability.
Original NVD description (English source)
Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default, and the sandbox grants write access to the command's working directory. A flaw was identified in how the agent could modify the working_directory parameter, which could cause the sandbox to include writable paths outside the intended workspace. A malicious agent could set working_directory to a sensitive location and write arbitrary files outside the workspace under the user's privileges. This enables non-sandboxed Remote Code Execution — for example by overwriting the cursorsandbox helper so later commands run unsandboxed — with no user interaction beyond a benign prompt. This vulnerability is fixed in 3.0.

