CVE-2026-31854
Vulnerability Description
Cursor is a code editor built for programming with AI. Prior to 2.0 ,if a visited website contains maliciously crafted instructions, the model may attempt to follow them in order to “assist” the user. When combined with a bypass of the command whitelist mechanism, such indirect prompt injections could result in commands being executed automatically, without the user’s explicit intent, thereby posing a significant security risk. This vulnerability is fixed in 2.0.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-78
Source
NVD
Vendor
cursor
Product
cursor
Discussion (0)
Add Comment
No comments yet. Be the first!