DuneSlide: Two Cursor Bugs That Turn Prompt Injection Into Zero-Click RCE
Cato AI Labs disclosed CVE-2026-50548 and CVE-2026-50549, a pair of 9.8 CVSS flaws in Cursor's terminal sandbox. A poisoned MCP response or web result can escape the sandbox and run code. Cursor 3.0 is the fix.