| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-31854 | Cursor Affected by Arbitrary Code Execution via Prompt Injection and Whitelist Bypass | cursor | cursor | - | - | 2026-03-11 17:11:52 | Deep Dive |
| CVE-2026-26268 | Cursor sandbox escape via Git hooks | cursor | cursor | High | 8.0 | 2026-02-13 16:54:05 | Deep Dive |
| CVE-2026-22708 | Cursor has a Terminal Tool Allowlist Bypass via Environment Variables | cursor | cursor | - | - | 2026-01-14 16:43:54 | Deep Dive |
| CVE-2025-62354 | Cursor Security Vulnerability | cursor | cursor | Critical | 9.8 | 2025-11-26 15:40:25 | Deep Dive |
| CVE-2025-64110 | Cursor: Authentication Bypass Possible via New Cursorignore Write | cursor | cursor | - | - | 2025-11-04 23:24:46 | Deep Dive |
| CVE-2025-64109 | Cursor CLI Beta: Command Injection via Untrusted MCP Configuration | cursor | cursor | High | 8.8 | 2025-11-04 23:09:49 | Deep Dive |
| CVE-2025-64108 | Cursor's Sensitive File Modification can Lead to NTFS Path Quirks | cursor | cursor | High | 8.8 | 2025-11-04 22:58:54 | Deep Dive |
| CVE-2025-64107 | Cursor is Vulnerable to Path Manipulation Using Backslashes on Windows | cursor | cursor | High | 8.8 | 2025-11-04 22:51:43 | Deep Dive |
| CVE-2025-64106 | Cursor: Speedbump Modal Bypass in MCP Server Deep-Link | cursor | cursor | High | 8.8 | 2025-11-04 22:48:15 | Deep Dive |
| CVE-2025-59944 | Cursor IDE: Sensitive File Overwrite Bypass is Possible | cursor | cursor | High | 8.0 | 2025-10-03 20:15:31 | Deep Dive |
| CVE-2025-61593 | Cursor CLI Agent: Sensitive File Overwrite Bypass | cursor | cursor | High | 7.1 | 2025-10-03 17:28:03 | Deep Dive |
| CVE-2025-61592 | Cursor CLI: Arbitrary Code Execution Possible through Permissive CLI Config | cursor | cursor | High | 8.8 | 2025-10-03 17:23:38 | Deep Dive |
| CVE-2025-61591 | Cursor CLI's Cursor Agent MCP OAuth2 Communication is Vulnerable to Remote Code Execution | cursor | cursor | High | 8.8 | 2025-10-03 16:44:55 | Deep Dive |
| CVE-2025-61590 | Cursor is vulnerable to RCE via .code-workspace files using Prompt Injection | cursor | cursor | High | 7.5 | 2025-10-03 16:27:34 | Deep Dive |
| CVE-2025-61589 | Cursor: Potential Information Leakage via Mermaid Diagram | cursor | cursor | Medium | 5.9 | 2025-10-03 06:48:31 | Deep Dive |
| CVE-2025-9190 | TCC Bypass via misconfigured Node fuses in Cursor | Cursor | Cursor | - | - | 2025-08-26 12:23:00 | Deep Dive |
| CVE-2025-54130 | Cursor Agent is vulnerable to prompt injection via Editor Special Files | cursor | cursor | High | 7.5 | 2025-08-05 00:12:29 | Deep Dive |
| CVE-2025-54135 | Cursor Agent is vulnerable to prompt injection via MCP Special Files | cursor | cursor | High | 8.5 | 2025-08-05 00:11:07 | Deep Dive |
| CVE-2025-54136 | Cursor's Modification of MCP Server Definitions Bypasses Manual Re-approvals | cursor | cursor | High | 7.2 | 2025-08-01 23:08:22 | Deep Dive |
| CVE-2025-54133 | Cursor's MCP Install Deeplink Does Not Show Arguments in its User-Dialog | cursor | cursor | Medium | - | 2025-08-01 23:07:01 | Deep Dive |