Two high-severity vulnerabilities in Cursor AI editor allowed arbitrary command execution without user interaction. Patch now available in Cursor 3.0.

Patched in Cursor 3.0, CVE-2026-50548 and CVE-2026-50549 could enable zero-click command execution via hidden instructions.

Two high-severity vulnerabilities in Cursor AI editor allowed arbitrary command execution without user interaction. Patch now available in Cursor 3.0.