I
Agentic Intelligence · Infomly

Two zero-click RCE vulnerabilities just broke every Cursor IDE sandbox at 64% of Fortune 500 companies

AI-Assisted Content — Produced with AI assistance and human editorial review. Learn more
Two critical vulnerabilities in Cursor IDE just demonstrated that sandboxing autonomous coding agents is a myth.

CVE-2026-50548 and CVE-2026-50549 both carry 9.8 CVSS scores.

Both require zero user interaction.

Both let attackers overwrite the cursorsandbox binary and achieve full unsandboxed RCE on the host machine.

Cursor is used by 64% of Fortune 500 companies.

NVIDIA has 30,000 developers using it daily. Coinbase reduced idea-to-production time by 90%.

The attack works through prompt injection.

An attacker poisons an MCP server response or a web search result. The agent ingests it. The sandbox grants write access to the working directory. The agent sets that directory to a sensitive location. The sandbox binary gets overwritten. Every subsequent command runs unsandboxed.

This is not a developer tool problem. This is a supply chain attack vector.

If your engineering organization uses Cursor, an attacker can compromise your entire codebase through a single poisoned prompt. No credentials needed. No user action required.

Cato AI Labs says they're finding similar vulnerabilities across other coding agents.

Audit your Cursor deployments today. Update to version 3.0 immediately. Review every AI coding tool your developers have installed. The sandbox you trusted does not exist.
💬 Consultation · Got questions? Talk to an expert →
Enterprise AI Impact — filtered for signal, not noise The AI briefing CTOs read before their morning meeting 3 minutes. Zero fluff. Only what moves the needle. $5/mo — your cheapest competitive edge
Subscribe — $5/mo

0 Comments

No comments yet. Be the first.