Cursor patched critical vulnerabilities CVE-2026-50548 and CVE-2026-50549 (DuneSlide) that enable prompt injection attacks leading to OS-level remote code execution.

Patched in Cursor 3.0, CVE-2026-50548 and CVE-2026-50549 could enable zero-click command execution via hidden instructions.

Two high-severity vulnerabilities in Cursor AI editor allowed arbitrary command execution without user interaction. Patch now available in Cursor 3.0.

New vulnerabilities in Cursor IDE expose how prompt injection can bypass AI sandbox protections to enable remote code execution.

Cursor patched critical vulnerabilities CVE-2026-50548 and CVE-2026-50549 (DuneSlide) that enable prompt injection attacks leading to OS-level remote code execution.