For teams that treat AI coding agents as just another IDE plugin, DuneSlide is a reminder that giving an LLM unsupervised command-execution privileges creates an entirely new class of remote-code-execution attack surface that classical sandboxing was never designed to stop. Cato AI Labs disclosed on July 1, 2026 two critical, 9.8-CVSS vulnerabilities in Cursor IDE, tracked as CVE-2026-50548 and CVE-2026-50549, that let a zero-click, indirect prompt injection, delivered through something as ordinary as an MCP server response or a poisoned web search result, escape Cursor's terminal sandbox and achieve full remote code execution on a developer's machine. Cato said it reported both flaws in February, and Cursor shipped fixes for both in its version 3.0 release on April 2, with CVE IDs formally assigned June 5. Cato, whose researchers describe Cursor as used by over half the Fortune 500, said it is now disclosing similar issues across other popular coding agents.
Cursor AI Editor Patched Critical Sandbox Escape Flaws