CVE-2026-26268
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Description
Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent (i.e. prompt injection) could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE the next time they are triggered. No user interaction was required as Git executes these commands automatically. Fixed in version 2.5.
Analysis
Cursor versions before 2.5 allow sandbox escape through improper .git configuration file protections, enabling malicious prompts or agents to write git hooks that execute arbitrary code when git commands are triggered. An attacker can achieve remote code execution without user interaction since git automatically executes these hooks, potentially compromising systems where Cursor is used for AI-assisted development. …
Remediation
Within 24 hours: Inventory all Cursor installations and identify affected versions prior to 2.5; communicate vulnerability to development teams and restrict Cursor usage to non-sensitive projects if possible. Within 7 days: Upgrade all instances to Cursor version 2.5 or later when available; conduct code repository audits for unauthorized .git modifications. …
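The repository audit called for above can start with a read-only scan. This is an added example, not code from the advisory or from Cursor: it lists active hooks and command-running settings in every .git directory below a root. The set of config keys it checks is an assumption chosen for the example, not a list taken from the advisory.

```python
import re
import sys
from pathlib import Path

# Git settings whose value is run as a command or redirects hook lookup.
# This selection is an assumption of the example, not a list from the advisory.
EXEC_KEYS = {"core.fsmonitor", "core.sshcommand", "core.hookspath", "core.pager",
             "core.editor", "diff.external", "credential.helper", "gpg.program"}
SECTION = re.compile(r'^\[\s*([\w.-]+)(?:\s+"(.*)")?\s*\]')
SETTING = re.compile(r'^([A-Za-z][\w-]*)\s*=\s*(.*)$')


def audit_git_dir(git_dir):
    """Return (kind, name, detail) findings for one .git directory."""
    git_dir, findings = Path(git_dir), []
    hooks = git_dir / "hooks"
    if hooks.is_dir():
        for f in sorted(hooks.iterdir()):
            # Git ships inactive templates as *.sample; anything else can run.
            if f.is_file() and f.suffix != ".sample":
                findings.append(("hook", f.name, str(f)))
    config = git_dir / "config"
    if config.is_file():
        section = sub = ""
        for raw in config.read_text(errors="replace").splitlines():
            line = raw.strip()
            if m := SECTION.match(line):
                section, sub = m.group(1).lower(), m.group(2) or ""
            elif m := SETTING.match(line):
                name, value = m.group(1).lower(), m.group(2).strip()
                key = f"{section}.{name}"
                if key in EXEC_KEYS:
                    findings.append(("config", key, value))
                elif section == "alias" and value.lstrip('"').startswith("!"):
                    findings.append(("config", key, value))  # shell alias
                elif section == "filter" and name in ("clean", "smudge", "process"):
                    findings.append(("config", f"filter.{sub}.{name}", value))
    return findings


def audit_tree(root):
    """Audit every .git directory found below root."""
    return {str(g): audit_git_dir(g) for g in Path(root).rglob(".git") if g.is_dir()}


if __name__ == "__main__":
    for repo, items in audit_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        for kind, name, detail in items:
            print(f"{repo}\t{kind}\t{name}\t{detail}")
```

A finding is a prompt for review, not proof of tampering: teams often install their own hooks and credential helpers, so compare the output against what each repository is expected to carry.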