VYPR

Getcursor

All CVEs

27 total · sorted by risk
  • CVE-2025-62354 · Critical · Nov 26, 2025
    risk 0.64 · cvss 9.8 · epss 0.01

    Improper neutralization of special elements used in an OS command ('command injection') in Cursor allows an unauthorized attacker to execute commands that are outside of those specified in the allowlist, resulting in arbitrary code execution.

  • CVE-2024-48919 · Critical · Oct 22, 2024
    risk 0.60 · cvss n/a · epss 0.00

    Cursor is a code editor built for programming with AI. Prior to Sep 27, 2024, if a user generated a terminal command via Cursor's Terminal Cmd-K/Ctrl-K feature and if the user explicitly imported a malicious web page into the Terminal Cmd-K prompt, an attacker with control over…

  • CVE-2025-64109 · High · Nov 5, 2025
    risk 0.57 · cvss 8.8 · epss 0.00

    Cursor is a code editor built for programming with AI. In versions and below, a vulnerability in the Cursor CLI Beta allowed an attacker to achieve remote code execution through the MCP (Model Context Protocol) server mechanism by uploading a malicious MCP configuration in…

  • CVE-2026-48124 · High · Jun 15, 2026
    risk 0.55 · cvss n/a · epss 0.00

    Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute workspace-defined Claude hook commands from .claude/settings.local.json without dedicated user approval. A malicious workspace or agent-created file could…

  • CVE-2025-32018 · High · Apr 8, 2025
    risk 0.52 · cvss 8.0 · epss 0.00

    Cursor is a code editor built for programming with AI. In versions 0.45.0 through 0.48.6, the Cursor app introduced a regression affecting the set of file paths the Cursor Agent is permitted to modify automatically. Under specific conditions, the agent could be prompted, either…

  • CVE-2025-49150 · Medium · Jun 11, 2025
    risk 0.38 · cvss 5.9 · epss 0.00

    Cursor is a code editor built for programming with AI. Prior to 0.51.0, by default, the setting json.schemaDownload.enable was set to True. This means that by writing a JSON file, an attacker can trigger an arbitrary HTTP GET request that does not require user confirmation.…

  • CVE-2025-9190 · Medium · Aug 26, 2025
    risk 0.31 · cvss n/a · epss 0.00

    The configuration of Cursor on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Cursor TCC (Transparency, Consent, and Control) permissions. Acquired resource access is limited to…

  • CVE-2024-45599 · Low · Sep 25, 2024
    risk 0.25 · cvss 3.8 · epss 0.00

    Cursor is an artificial intelligence code editor. Prior to version 0.41.0, if a user on macOS has granted Cursor access to the camera or microphone, any program that is run on the machine is able to access the camera or the microphone without explicitly being granted access,…

  • CVE-2026-31854 · Mar 11, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Cursor is a code editor built for programming with AI. Prior to 2.0, if a visited website contains maliciously crafted instructions, the model may attempt to follow them in order to “assist” the user. When combined with a bypass of the command whitelist mechanism, such…

  • CVE-2026-26268 · Feb 13, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent (i.e. prompt injection) could write to improperly protected .git settings, including git hooks, which may cause…

  • CVE-2026-22708 · Jan 14, 2026
    risk 0.00 · cvss n/a · epss 0.01

    Cursor is a code editor built for programming with AI. Prior to 2.3, when the Cursor Agent is running in Auto-Run Mode with Allowlist mode enabled, certain shell built-ins can still be executed without appearing in the allowlist and without requiring user approval. This allows an…

  • CVE-2025-64110 · Nov 4, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Cursor is a code editor built for programming with AI. In versions 1.7.23 and below, a logic bug allows a malicious agent to read sensitive files that should be protected via cursorignore. An attacker who has already achieved prompt injection, or a malicious model, could create…

  • CVE-2025-64108 · Nov 4, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Cursor is a code editor built for programming with AI. In versions 1.7.44 and below, various NTFS path quirks allow a prompt injection attacker to circumvent sensitive file protections and overwrite files which Cursor requires human approval to overwrite. Modification of some of…

  • CVE-2025-64107 · Nov 4, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Cursor is a code editor built for programming with AI. In versions 1.7.52 and below, manipulating internal settings may lead to RCE. Cursor detects path manipulation via forward slashes (./.cursor/./././././mcp.json etc.), and requires human approval to complete the operation.…

  • CVE-2025-64106 · Nov 4, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Cursor is a code editor built for programming with AI. In versions 1.7.28 and below, an input validation flaw in Cursor's MCP server installation enables specially crafted deep-links to bypass the standard security warnings and conceal executed commands from users if they choose…

  • CVE-2025-59944 · Oct 3, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Cursor is a code editor built for programming with AI. Versions 1.6.23 and below contain case-sensitive checks in the way Cursor IDE protects its sensitive files (e.g., */.cursor/mcp.json), which allows attackers to modify the content of these files through prompt injection and…

  • CVE-2025-61593 · Oct 3, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Cursor is a code editor built for programming with AI. In versions 1.7 and below, a vulnerability in the way Cursor CLI Agent protects its sensitive files (i.e. */.cursor/cli.json) allows attackers to modify the content of the files through prompt injection, thus achieving…

  • CVE-2025-61592 · Oct 3, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Cursor is a code editor built for programming with AI. In versions 1.7 and below, automatic loading of project-specific CLI configuration from the current working directory (/.cursor/cli.json) could override certain global configurations in Cursor CLI. This allowed…

  • CVE-2025-61591 · Oct 3, 2025
    risk 0.00 · cvss n/a · epss 0.01

    Cursor is a code editor built for programming with AI. In versions 1.7 and below, when MCP uses OAuth authentication with an untrusted MCP server, an attacker can impersonate a malicious MCP server and return crafted, maliciously injected commands during the interaction process,…

  • CVE-2025-61590 · Oct 3, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Cursor is a code editor built for programming with AI. Versions 1.6 and below are vulnerable to Remote Code Execution (RCE) attacks through Visual Studio Code Workspaces. Workspaces allow users to open more than a single folder and save specific settings (pretty similar to…

  • CVE-2025-61589 · Oct 3, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Cursor is a code editor built for programming with AI. In versions 1.6 and below, Mermaid (which is used to render diagrams) allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive information to a third-party attacker…

  • CVE-2025-54130 · Aug 5, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions less than 1.3.9. If the file is a dotfile, editing it requires approval but creating a new one doesn't. Hence, if sensitive editor files, such as the…

  • CVE-2025-54135 · Aug 5, 2025
    risk 0.00 · cvss n/a · epss 0.02

    Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions below 1.3.9. If the file is a dotfile, editing it requires approval but creating a new one doesn't. Hence, if sensitive MCP files, such as the…

  • CVE-2025-54136 · Aug 1, 2025
    risk 0.00 · cvss n/a · epss 0.08

    Cursor is a code editor built for programming with AI. In versions 1.2.4 and below, attackers can achieve remote and persistent code execution by modifying an already trusted MCP configuration file inside a shared GitHub repository or editing the file locally on the target's…

  • CVE-2025-54133 · Aug 1, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Cursor is a code editor built for programming with AI. In versions 1.17 through 1.2, there is a UI information disclosure vulnerability in Cursor's MCP (Model Context Protocol) deeplink handler, allowing attackers to execute 2-click arbitrary system commands through social…

  • CVE-2025-54132 · Aug 1, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid (which is used to render diagrams) allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive information to a third-party…

  • CVE-2025-54131 · Aug 1, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Cursor is a code editor built for programming with AI. In versions below 1.3, an attacker can bypass the allow list in auto-run mode with a backtick (`) or $(cmd). If a user has swapped Cursor from its default settings (requiring approval for every terminal call) to an…