Description
Cursor is a code editor built for programming with AI. Prior to 2.0 ,if a visited website contains maliciously crafted instructions, the model may attempt to follow them in order to “assist” the user. When combined with a bypass of the command whitelist mechanism, such indirect prompt injections could result in commands being executed automatically, without the user’s explicit intent, thereby posing a significant security risk. This vulnerability is fixed in 2.0.
Published: 2026-03-11
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is an OS command injection that arises when the model processes malicious instructions presented on a visited website. By bypassing the command whitelist, the system may unknowingly execute those instructions, resulting in arbitrary code execution. The impact includes potential confidentiality, integrity, and availability compromise for the user’s environment.

Affected Systems

Cursor’s code editor is affected for all releases prior to version 2.0. Users running the product before the 2.0 update are susceptible to this flaw.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity, while an EPSS score of less than 1 % suggests a low likelihood of current exploitation. It is not listed in the CISA KEV catalog. The likely attack vector is a maliciously crafted web page that a user infects the editor with while it is running, combined with a whitelist bypass that the editor inadvertently permits.

Generated by OpenCVE AI on March 20, 2026 at 17:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Cursor to version 2.0 or later.

Generated by OpenCVE AI on March 20, 2026 at 17:32 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 20 Mar 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Anysphere
Anysphere cursor
CPEs cpe:2.3:a:anysphere:cursor:*:*:*:*:*:*:*:*
Vendors & Products Anysphere
Anysphere cursor
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Thu, 12 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Cursor
Cursor cursor
Vendors & Products Cursor
Cursor cursor

Wed, 11 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 11 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Description Cursor is a code editor built for programming with AI. Prior to 2.0 ,if a visited website contains maliciously crafted instructions, the model may attempt to follow them in order to “assist” the user. When combined with a bypass of the command whitelist mechanism, such indirect prompt injections could result in commands being executed automatically, without the user’s explicit intent, thereby posing a significant security risk. This vulnerability is fixed in 2.0.
Title Cursor Affected by Arbitrary Code Execution via Prompt Injection and Whitelist Bypass
Weaknesses CWE-78
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Anysphere Cursor
Cursor Cursor
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-11T17:35:37.440Z

Reserved: 2026-03-09T19:02:25.011Z

Link: CVE-2026-31854

cve-icon Vulnrichment

Updated: 2026-03-11T17:35:28.850Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-11T17:16:58.917

Modified: 2026-03-20T16:34:35.143

Link: CVE-2026-31854

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T09:55:21Z

Weaknesses