{"id":240137,"date":"2026-07-02T02:33:54","date_gmt":"2026-07-02T07:33:54","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2026\/07\/critical-cursor-flaws-could-let-prompt-injection-escape-sandbox-and-run-commands"},"modified":"2026-07-02T02:33:54","modified_gmt":"2026-07-02T07:33:54","slug":"critical-cursor-flaws-could-let-prompt-injection-escape-sandbox-and-run-commands","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2026\/07\/critical-cursor-flaws-could-let-prompt-injection-escape-sandbox-and-run-commands","title":{"rendered":"Critical Cursor Flaws Could Let Prompt Injection Escape Sandbox and Run Commands"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/critical-cursor-flaws-could-let-prompt-injection-escape-sandbox-and-run-commands2.jpg\"><\/a><\/p>\n<p>Two flaws in Cursor, an AI code editor, could let a single, ordinary-looking prompt break out of the editor\u2019s safety sandbox and run any command on a developer\u2019s computer. There is no click to fall for and no approval box to ignore.<\/p>\n<p>Cato AI Labs found the pair and named them <b><a href=\"https:\/\/www.catonetworks.com\/blog\/duneslide-two-critical-rce-vulnerabilities\/\" target=\"_blank\">DuneSlide<\/a><\/b>. They are tracked as CVE-2026\u201350548 and CVE-2026\u201350549, both rated 9.8 out of 10 (or 9.3 under the newer CVSS 4.0 scale).<\/p>\n<p>The fix is already out. Both bugs are patched in Cursor 3.0, released April 2, and every version before 3.0 is affected. Cursor\u2019s maker says more than half the Fortune 500 use the tool, so if you run it, update now.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Two flaws in Cursor, an AI code editor, could let a single, ordinary-looking prompt break out of the editor\u2019s safety sandbox and run any command on a developer\u2019s computer. There is no click to fall for and no approval box to ignore. Cato AI Labs found the pair and named them DuneSlide. They are tracked [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-240137","post","type-post","status-publish","format-standard","hentry","category-robotics-ai"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/240137","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=240137"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/240137\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=240137"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=240137"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=240137"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}