Back to CVE List

CVE-2026-31854

Vulnerability Description

Cursor is a code editor built for programming with AI. Prior to 2.0 ,if a visited website contains maliciously crafted instructions, the model may attempt to follow them in order to “assist” the user. When combined with a bypass of the command whitelist mechanism, such indirect prompt injections could result in commands being executed automatically, without the user’s explicit intent, thereby posing a significant security risk. This vulnerability is fixed in 2.0.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-78
Source
NVD
Vendor
cursor
Product
cursor

External References

Discussion (0)

Add Comment

No comments yet. Be the first!