{"slug": "cato-labs-discloses-critical-rce-flaws-in-cursor-ide", "title": "Cato Labs Discloses Critical RCE Flaws In Cursor IDE", "summary": "Cato AI Labs disclosed two critical remote-code-execution vulnerabilities in Cursor IDE on July 1, 2026, tracked as CVE-2026-50548 and CVE-2026-50549, with a CVSS score of 9.8. The flaws allow zero-click indirect prompt injection to escape Cursor's terminal sandbox and achieve full RCE on a developer's machine. Cursor shipped fixes in version 3.0 on April 2 after Cato reported the issues in February, and Cato is now disclosing similar issues in other coding agents.", "body_md": "For teams that treat AI coding agents as just another IDE plugin, DuneSlide is a reminder that giving an LLM unsupervised command-execution privileges creates an entirely new class of remote-code-execution attack surface that classical sandboxing was never designed to stop. Cato AI Labs disclosed on July 1, 2026 two critical, 9.8-CVSS vulnerabilities in Cursor IDE, tracked as CVE-2026-50548 and CVE-2026-50549, that let a zero-click, indirect prompt injection, delivered through something as ordinary as an MCP server response or a poisoned web search result, escape Cursor's terminal sandbox and achieve full remote code execution on a developer's machine. Cato said it reported both flaws in February, and Cursor shipped fixes for both in its version 3.0 release on April 2, with CVE IDs formally assigned June 5. Cato, whose researchers describe Cursor as used by over half the Fortune 500, said it is now disclosing similar issues across other popular coding agents.", "url": "https://wpnews.pro/news/cato-labs-discloses-critical-rce-flaws-in-cursor-ide", "canonical_source": "https://letsdatascience.com/news/cato-labs-discloses-critical-rce-flaws-in-cursor-ide-a8f79d5e", "published_at": "2026-07-03 22:20:47+00:00", "updated_at": "2026-07-03 22:53:25.621796+00:00", "lang": "en", "topics": ["ai-safety", "ai-agents", "large-language-models", "ai-tools", "developer-tools"], "entities": ["Cato AI Labs", "Cursor IDE", "Cato Labs", "Cursor", "Fortune 500"], "alternates": {"html": "https://wpnews.pro/news/cato-labs-discloses-critical-rce-flaws-in-cursor-ide", "markdown": "https://wpnews.pro/news/cato-labs-discloses-critical-rce-flaws-in-cursor-ide.md", "text": "https://wpnews.pro/news/cato-labs-discloses-critical-rce-flaws-in-cursor-ide.txt", "jsonld": "https://wpnews.pro/news/cato-labs-discloses-critical-rce-flaws-in-cursor-ide.jsonld"}}