cursor — Vulnerabilities & Security Advisories 26

All 26 CVE vulnerabilities found in cursor, with AI-generated Chinese analysis, references, and POCs.

Vendor: getcursor

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-31854 | Cursor Affected by Arbitrary Code Execution via Prompt Injection and Whitelist Bypass | CWE-78 | 8.8 (AI) | High (AI) | 2026-03-11 |
| CVE-2026-26268 | Cursor sandbox escape via Git hooks | CWE-862 | 8.1 | High | 2026-02-13 |
| CVE-2026-22708 | Cursor has a Terminal Tool Allowlist Bypass via Environment Variables | CWE-15 | 9.1 (AI) | Critical (AI) | 2026-01-14 |
| CVE-2025-62354 | Cursor security vulnerability | CWE-78 | 9.8 | Critical | 2025-11-26 |
| CVE-2025-64110 | Cursor: Authentication Bypass Possible via New Cursorignore Write | CWE-284 | 6.5 (AI) | Medium (AI) | 2025-11-04 |
| CVE-2025-64109 | Cursor CLI Beta: Command Injection via Untrusted MCP Configuration | CWE-78 | 8.8 | High | 2025-11-04 |
| CVE-2025-64108 | Cursor's Sensitive File Modification can Lead to NTFS Path Quirks | CWE-22 | 8.8 | High | 2025-11-04 |
| CVE-2025-64107 | Cursor is Vulnerable to Path Manipulation Using Backslashes on Windows | CWE-22 | 8.8 | High | 2025-11-04 |
| CVE-2025-64106 | Cursor: Speedbump Modal Bypass in MCP Server Deep-Link | CWE-78 | 8.8 | High | 2025-11-04 |
| CVE-2025-59944 | Cursor IDE: Sensitive File Overwrite Bypass is Possible | CWE-178 | 8.1 | High | 2025-10-03 |
| CVE-2025-61593 | Cursor CLI Agent: Sensitive File Overwrite Bypass | CWE-178 | 7.1 | High | 2025-10-03 |
| CVE-2025-61592 | Cursor CLI: Arbitrary Code Execution Possible through Permissive CLI Config | CWE-829 | 8.8 | High | 2025-10-03 |
| CVE-2025-61591 | Cursor CLI's Cursor Agent MCP OAuth2 Communication is Vulnerable to Remote Code Execution | CWE-78 | 8.8 | High | 2025-10-03 |
| CVE-2025-61590 | Cursor is vulnerable to RCE via .code-workspace files using Prompt Injection | CWE-94 | 7.5 | High | 2025-10-03 |
| CVE-2025-61589 | Cursor: Potential Information Leakage via Mermaid Diagram | CWE-200 | 5.9 | Medium | 2025-10-03 |
| CVE-2025-9190 | TCC Bypass via misconfigured Node fuses in Cursor | CWE-276 | 7.3 (AI) | High (AI) | 2025-08-26 |
| CVE-2025-54130 | Cursor Agent is vulnerable prompt injection via Editor Special Files | CWE-285 | 7.5 | High | 2025-08-05 |
| CVE-2025-54135 | Cursor Agent is vulnerable to prompt injection via MCP Special Files | CWE-78 | 8.6 | High | 2025-08-05 |
| CVE-2025-54136 | Cursor's Modification of MCP Server Definitions Bypasses Manual Re-approvals | CWE-78 | 7.2 | High | 2025-08-01 |
| CVE-2025-54133 | Cursor's MCP Install Deeplink Does Not Show Arguments in its User-Dialog | CWE-78 | 8.1 | - | 2025-08-01 |
| CVE-2025-54132 | Cursor's Mermaid Diagram Tool is Vulnerable to an Arbitrary Image Fetch | CWE-918 | 4.4 | Medium | 2025-08-01 |
| CVE-2025-54131 | Cursor bypasses its allow list to execute arbitrary commands | CWE-77 | 6.4 | Medium | 2025-08-01 |
| CVE-2025-49150 | Cursor Agent Potentially Leaks Information using JSON schema | CWE-200 | 5.9 | Medium | 2025-06-11 |
| CVE-2025-32018 | Arbitrary file write from Cursor Agent through a prompt injection from malicious @Docs | CWE-22 | 8.1 | High | 2025-04-08 |
| CVE-2024-48919 | RCE via Prompt Injection Into Cursor's Terminal Cmd-K | CWE-20 | 8.8 (AI) | High (AI) | 2024-10-22 |
| CVE-2024-45599 | TCC Bypass in Cursor's macOS Application | CWE-277 | 3.8 | Low | 2024-09-24 |

All 26 known CVE vulnerabilities affecting cursor with full Chinese analysis, references, and POCs where available.